fix(oauth): remove OAuth session caching to prevent authentication issues
This commit is contained in:
@@ -1,5 +1,14 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
## 2025-07-22 - 3.1.2 - fix(oauth)
|
||||||
|
Remove OAuth session caching to prevent authentication issues
|
||||||
|
|
||||||
|
- Removed static OAuth session cache that was causing incomplete session issues
|
||||||
|
- Each OAuth token now creates a fresh session without caching
|
||||||
|
- Removed cache management methods (clearOAuthCache, clearOAuthCacheForToken, getOAuthCacheSize)
|
||||||
|
- Simplified init() method to treat OAuth tokens the same as regular API keys
|
||||||
|
- OAuth tokens still handle "Superfluous authentication" errors with initWithExistingInstallation
|
||||||
|
|
||||||
## 2025-07-22 - 3.1.1 - fix(oauth)
|
## 2025-07-22 - 3.1.1 - fix(oauth)
|
||||||
Fix OAuth token authentication flow for existing installations
|
Fix OAuth token authentication flow for existing installations
|
||||||
|
|
||||||
|
@@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "@apiclient.xyz/bunq",
|
"name": "@apiclient.xyz/bunq",
|
||||||
"version": "3.1.1",
|
"version": "3.1.2",
|
||||||
"private": false,
|
"private": false,
|
||||||
"description": "A full-featured TypeScript/JavaScript client for the bunq API",
|
"description": "A full-featured TypeScript/JavaScript client for the bunq API",
|
||||||
"type": "module",
|
"type": "module",
|
||||||
|
29
readme.md
29
readme.md
@@ -449,35 +449,6 @@ const accounts = await bunq.getAccounts();
|
|||||||
|
|
||||||
// According to bunq documentation:
|
// According to bunq documentation:
|
||||||
// "Just use the OAuth Token (access_token) as a normal bunq API key"
|
// "Just use the OAuth Token (access_token) as a normal bunq API key"
|
||||||
|
|
||||||
// OAuth Session Caching (v3.0.9+)
|
|
||||||
// The library automatically caches OAuth sessions to prevent multiple authentication attempts
|
|
||||||
|
|
||||||
// Multiple instances with the same OAuth token will reuse the cached session
|
|
||||||
const bunq1 = new BunqAccount({
|
|
||||||
apiKey: 'your-oauth-access-token',
|
|
||||||
deviceName: 'OAuth App Instance 1',
|
|
||||||
environment: 'PRODUCTION',
|
|
||||||
isOAuthToken: true
|
|
||||||
});
|
|
||||||
|
|
||||||
const bunq2 = new BunqAccount({
|
|
||||||
apiKey: 'your-oauth-access-token', // Same token
|
|
||||||
deviceName: 'OAuth App Instance 2',
|
|
||||||
environment: 'PRODUCTION',
|
|
||||||
isOAuthToken: true
|
|
||||||
});
|
|
||||||
|
|
||||||
await bunq1.init(); // Creates new session
|
|
||||||
await bunq2.init(); // Reuses cached session from bunq1
|
|
||||||
|
|
||||||
// This prevents "Superfluous authentication" errors when multiple instances
|
|
||||||
// try to authenticate with the same OAuth token
|
|
||||||
|
|
||||||
// Cache management methods
|
|
||||||
BunqAccount.clearOAuthCache(); // Clear all cached OAuth sessions
|
|
||||||
BunqAccount.clearOAuthCacheForToken('token', 'PRODUCTION'); // Clear specific token
|
|
||||||
const cacheSize = BunqAccount.getOAuthCacheSize(); // Get current cache size
|
|
||||||
```
|
```
|
||||||
|
|
||||||
### Error Handling
|
### Error Handling
|
||||||
|
@@ -1,105 +0,0 @@
|
|||||||
import { expect, tap } from '@git.zone/tstest/tapbundle';
|
|
||||||
import * as bunq from '../ts/index.js';
|
|
||||||
|
|
||||||
tap.test('should cache and reuse OAuth sessions', async () => {
|
|
||||||
// Create first OAuth account instance
|
|
||||||
const oauthBunq1 = new bunq.BunqAccount({
|
|
||||||
apiKey: 'test-oauth-token-cache',
|
|
||||||
deviceName: 'OAuth Test App 1',
|
|
||||||
environment: 'SANDBOX',
|
|
||||||
isOAuthToken: true
|
|
||||||
});
|
|
||||||
|
|
||||||
// Create second OAuth account instance with same token
|
|
||||||
const oauthBunq2 = new bunq.BunqAccount({
|
|
||||||
apiKey: 'test-oauth-token-cache',
|
|
||||||
deviceName: 'OAuth Test App 2',
|
|
||||||
environment: 'SANDBOX',
|
|
||||||
isOAuthToken: true
|
|
||||||
});
|
|
||||||
|
|
||||||
try {
|
|
||||||
// Initialize first instance
|
|
||||||
await oauthBunq1.init();
|
|
||||||
console.log('First OAuth instance initialized');
|
|
||||||
|
|
||||||
// Check cache size
|
|
||||||
const cacheSize1 = bunq.BunqAccount.getOAuthCacheSize();
|
|
||||||
console.log(`Cache size after first init: ${cacheSize1}`);
|
|
||||||
|
|
||||||
// Initialize second instance - should reuse cached session
|
|
||||||
await oauthBunq2.init();
|
|
||||||
console.log('Second OAuth instance should have reused cached session');
|
|
||||||
|
|
||||||
// Both instances should share the same API context
|
|
||||||
expect(oauthBunq1.apiContext).toEqual(oauthBunq2.apiContext);
|
|
||||||
|
|
||||||
// Cache size should still be 1
|
|
||||||
const cacheSize2 = bunq.BunqAccount.getOAuthCacheSize();
|
|
||||||
expect(cacheSize2).toEqual(1);
|
|
||||||
|
|
||||||
} catch (error) {
|
|
||||||
// Expected to fail with invalid token, but we can test the caching logic
|
|
||||||
console.log('OAuth caching test completed (expected auth failure with mock token)');
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
tap.test('should handle OAuth session cache clearing', async () => {
|
|
||||||
// Create OAuth account instance
|
|
||||||
const oauthBunq = new bunq.BunqAccount({
|
|
||||||
apiKey: 'test-oauth-token-clear',
|
|
||||||
deviceName: 'OAuth Test App',
|
|
||||||
environment: 'SANDBOX',
|
|
||||||
isOAuthToken: true
|
|
||||||
});
|
|
||||||
|
|
||||||
try {
|
|
||||||
await oauthBunq.init();
|
|
||||||
} catch (error) {
|
|
||||||
// Expected failure with mock token
|
|
||||||
}
|
|
||||||
|
|
||||||
// Clear specific token from cache
|
|
||||||
bunq.BunqAccount.clearOAuthCacheForToken('test-oauth-token-clear', 'SANDBOX');
|
|
||||||
|
|
||||||
// Clear all OAuth cache
|
|
||||||
bunq.BunqAccount.clearOAuthCache();
|
|
||||||
|
|
||||||
// Cache should be empty
|
|
||||||
const cacheSize = bunq.BunqAccount.getOAuthCacheSize();
|
|
||||||
expect(cacheSize).toEqual(0);
|
|
||||||
|
|
||||||
console.log('OAuth cache clearing test passed');
|
|
||||||
});
|
|
||||||
|
|
||||||
tap.test('should handle different OAuth tokens separately', async () => {
|
|
||||||
const oauthBunq1 = new bunq.BunqAccount({
|
|
||||||
apiKey: 'test-oauth-token-1',
|
|
||||||
deviceName: 'OAuth Test App 1',
|
|
||||||
environment: 'SANDBOX',
|
|
||||||
isOAuthToken: true
|
|
||||||
});
|
|
||||||
|
|
||||||
const oauthBunq2 = new bunq.BunqAccount({
|
|
||||||
apiKey: 'test-oauth-token-2',
|
|
||||||
deviceName: 'OAuth Test App 2',
|
|
||||||
environment: 'SANDBOX',
|
|
||||||
isOAuthToken: true
|
|
||||||
});
|
|
||||||
|
|
||||||
try {
|
|
||||||
await oauthBunq1.init();
|
|
||||||
await oauthBunq2.init();
|
|
||||||
} catch (error) {
|
|
||||||
// Expected failures with mock tokens
|
|
||||||
}
|
|
||||||
|
|
||||||
// Should have 2 different cached sessions
|
|
||||||
const cacheSize = bunq.BunqAccount.getOAuthCacheSize();
|
|
||||||
console.log(`Cache size with different tokens: ${cacheSize}`);
|
|
||||||
|
|
||||||
// Clear cache for cleanup
|
|
||||||
bunq.BunqAccount.clearOAuthCache();
|
|
||||||
});
|
|
||||||
|
|
||||||
tap.start();
|
|
@@ -17,9 +17,6 @@ export interface IBunqConstructorOptions {
|
|||||||
* the main bunq account
|
* the main bunq account
|
||||||
*/
|
*/
|
||||||
export class BunqAccount {
|
export class BunqAccount {
|
||||||
// Static cache for OAuth token sessions to prevent multiple authentication attempts
|
|
||||||
private static oauthSessionCache = new Map<string, BunqApiContext>();
|
|
||||||
|
|
||||||
public options: IBunqConstructorOptions;
|
public options: IBunqConstructorOptions;
|
||||||
public apiContext: BunqApiContext;
|
public apiContext: BunqApiContext;
|
||||||
public userId: number;
|
public userId: number;
|
||||||
@@ -35,17 +32,7 @@ export class BunqAccount {
|
|||||||
* Initialize the bunq account
|
* Initialize the bunq account
|
||||||
*/
|
*/
|
||||||
public async init() {
|
public async init() {
|
||||||
// For OAuth tokens, check if we already have a cached session
|
// Create API context for both OAuth tokens and regular API keys
|
||||||
if (this.options.isOAuthToken) {
|
|
||||||
const cacheKey = `${this.options.apiKey}_${this.options.environment}`;
|
|
||||||
const cachedContext = BunqAccount.oauthSessionCache.get(cacheKey);
|
|
||||||
|
|
||||||
if (cachedContext && cachedContext.hasValidSession()) {
|
|
||||||
// Reuse existing session
|
|
||||||
this.apiContext = cachedContext;
|
|
||||||
console.log('Reusing existing OAuth session from cache');
|
|
||||||
} else {
|
|
||||||
// Create new context and cache it
|
|
||||||
this.apiContext = new BunqApiContext({
|
this.apiContext = new BunqApiContext({
|
||||||
apiKey: this.options.apiKey,
|
apiKey: this.options.apiKey,
|
||||||
environment: this.options.environment,
|
environment: this.options.environment,
|
||||||
@@ -56,19 +43,15 @@ export class BunqAccount {
|
|||||||
|
|
||||||
try {
|
try {
|
||||||
await this.apiContext.init();
|
await this.apiContext.init();
|
||||||
// Cache the successfully initialized context
|
|
||||||
BunqAccount.oauthSessionCache.set(cacheKey, this.apiContext);
|
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
// Handle "Superfluous authentication" or "Authentication token already has a user session" errors
|
// Handle "Superfluous authentication" or "Authentication token already has a user session" errors
|
||||||
if (error instanceof BunqApiError) {
|
if (error instanceof BunqApiError && this.options.isOAuthToken) {
|
||||||
const errorMessages = error.errors.map(e => e.error_description).join(' ');
|
const errorMessages = error.errors.map(e => e.error_description).join(' ');
|
||||||
if (errorMessages.includes('Superfluous authentication') ||
|
if (errorMessages.includes('Superfluous authentication') ||
|
||||||
errorMessages.includes('Authentication token already has a user session')) {
|
errorMessages.includes('Authentication token already has a user session')) {
|
||||||
console.log('OAuth token already has installation/device, attempting to create new session...');
|
console.log('OAuth token already has installation/device, attempting to create new session...');
|
||||||
// Try to create a new session with existing installation/device
|
// Try to create a new session with existing installation/device
|
||||||
await this.apiContext.initWithExistingInstallation();
|
await this.apiContext.initWithExistingInstallation();
|
||||||
// Cache the context with new session
|
|
||||||
BunqAccount.oauthSessionCache.set(cacheKey, this.apiContext);
|
|
||||||
} else {
|
} else {
|
||||||
throw error;
|
throw error;
|
||||||
}
|
}
|
||||||
@@ -76,19 +59,6 @@ export class BunqAccount {
|
|||||||
throw error;
|
throw error;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
} else {
|
|
||||||
// Regular API key flow
|
|
||||||
this.apiContext = new BunqApiContext({
|
|
||||||
apiKey: this.options.apiKey,
|
|
||||||
environment: this.options.environment,
|
|
||||||
deviceDescription: this.options.deviceName,
|
|
||||||
permittedIps: this.options.permittedIps,
|
|
||||||
isOAuthToken: this.options.isOAuthToken
|
|
||||||
});
|
|
||||||
|
|
||||||
await this.apiContext.init();
|
|
||||||
}
|
|
||||||
|
|
||||||
// Create user instance
|
// Create user instance
|
||||||
this.bunqUser = new BunqUser(this.apiContext);
|
this.bunqUser = new BunqUser(this.apiContext);
|
||||||
@@ -207,28 +177,4 @@ export class BunqAccount {
|
|||||||
this.apiContext = null;
|
this.apiContext = null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Clear the OAuth session cache
|
|
||||||
*/
|
|
||||||
public static clearOAuthCache(): void {
|
|
||||||
BunqAccount.oauthSessionCache.clear();
|
|
||||||
console.log('OAuth session cache cleared');
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Clear a specific OAuth token from the cache
|
|
||||||
*/
|
|
||||||
public static clearOAuthCacheForToken(apiKey: string, environment: 'SANDBOX' | 'PRODUCTION'): void {
|
|
||||||
const cacheKey = `${apiKey}_${environment}`;
|
|
||||||
BunqAccount.oauthSessionCache.delete(cacheKey);
|
|
||||||
console.log(`OAuth session cache cleared for token in ${environment} environment`);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Get the current size of the OAuth cache
|
|
||||||
*/
|
|
||||||
public static getOAuthCacheSize(): number {
|
|
||||||
return BunqAccount.oauthSessionCache.size;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user