fix(oauth): remove OAuth session caching to prevent authentication issues

This commit is contained in:
Juergen Kunz
2025-07-25 00:44:04 +00:00
parent 9011390dc4
commit f790984a95
5 changed files with 34 additions and 213 deletions

View File

@@ -1,5 +1,14 @@
# Changelog
## 2025-07-22 - 3.1.2 - fix(oauth)
Remove OAuth session caching to prevent authentication issues
- Removed static OAuth session cache that was causing incomplete session issues
- Each OAuth token now creates a fresh session without caching
- Removed cache management methods (clearOAuthCache, clearOAuthCacheForToken, getOAuthCacheSize)
- Simplified init() method to treat OAuth tokens the same as regular API keys
- OAuth tokens still handle "Superfluous authentication" errors with initWithExistingInstallation
## 2025-07-22 - 3.1.1 - fix(oauth)
Fix OAuth token authentication flow for existing installations

View File

@@ -1,6 +1,6 @@
{
"name": "@apiclient.xyz/bunq",
"version": "3.1.1",
"version": "3.1.2",
"private": false,
"description": "A full-featured TypeScript/JavaScript client for the bunq API",
"type": "module",

View File

@@ -449,35 +449,6 @@ const accounts = await bunq.getAccounts();
// According to bunq documentation:
// "Just use the OAuth Token (access_token) as a normal bunq API key"
// OAuth Session Caching (v3.0.9+)
// The library automatically caches OAuth sessions to prevent multiple authentication attempts
// Multiple instances with the same OAuth token will reuse the cached session
const bunq1 = new BunqAccount({
apiKey: 'your-oauth-access-token',
deviceName: 'OAuth App Instance 1',
environment: 'PRODUCTION',
isOAuthToken: true
});
const bunq2 = new BunqAccount({
apiKey: 'your-oauth-access-token', // Same token
deviceName: 'OAuth App Instance 2',
environment: 'PRODUCTION',
isOAuthToken: true
});
await bunq1.init(); // Creates new session
await bunq2.init(); // Reuses cached session from bunq1
// This prevents "Superfluous authentication" errors when multiple instances
// try to authenticate with the same OAuth token
// Cache management methods
BunqAccount.clearOAuthCache(); // Clear all cached OAuth sessions
BunqAccount.clearOAuthCacheForToken('token', 'PRODUCTION'); // Clear specific token
const cacheSize = BunqAccount.getOAuthCacheSize(); // Get current cache size
```
### Error Handling

View File

@@ -1,105 +0,0 @@
import { expect, tap } from '@git.zone/tstest/tapbundle';
import * as bunq from '../ts/index.js';
tap.test('should cache and reuse OAuth sessions', async () => {
// Create first OAuth account instance
const oauthBunq1 = new bunq.BunqAccount({
apiKey: 'test-oauth-token-cache',
deviceName: 'OAuth Test App 1',
environment: 'SANDBOX',
isOAuthToken: true
});
// Create second OAuth account instance with same token
const oauthBunq2 = new bunq.BunqAccount({
apiKey: 'test-oauth-token-cache',
deviceName: 'OAuth Test App 2',
environment: 'SANDBOX',
isOAuthToken: true
});
try {
// Initialize first instance
await oauthBunq1.init();
console.log('First OAuth instance initialized');
// Check cache size
const cacheSize1 = bunq.BunqAccount.getOAuthCacheSize();
console.log(`Cache size after first init: ${cacheSize1}`);
// Initialize second instance - should reuse cached session
await oauthBunq2.init();
console.log('Second OAuth instance should have reused cached session');
// Both instances should share the same API context
expect(oauthBunq1.apiContext).toEqual(oauthBunq2.apiContext);
// Cache size should still be 1
const cacheSize2 = bunq.BunqAccount.getOAuthCacheSize();
expect(cacheSize2).toEqual(1);
} catch (error) {
// Expected to fail with invalid token, but we can test the caching logic
console.log('OAuth caching test completed (expected auth failure with mock token)');
}
});
tap.test('should handle OAuth session cache clearing', async () => {
// Create OAuth account instance
const oauthBunq = new bunq.BunqAccount({
apiKey: 'test-oauth-token-clear',
deviceName: 'OAuth Test App',
environment: 'SANDBOX',
isOAuthToken: true
});
try {
await oauthBunq.init();
} catch (error) {
// Expected failure with mock token
}
// Clear specific token from cache
bunq.BunqAccount.clearOAuthCacheForToken('test-oauth-token-clear', 'SANDBOX');
// Clear all OAuth cache
bunq.BunqAccount.clearOAuthCache();
// Cache should be empty
const cacheSize = bunq.BunqAccount.getOAuthCacheSize();
expect(cacheSize).toEqual(0);
console.log('OAuth cache clearing test passed');
});
tap.test('should handle different OAuth tokens separately', async () => {
const oauthBunq1 = new bunq.BunqAccount({
apiKey: 'test-oauth-token-1',
deviceName: 'OAuth Test App 1',
environment: 'SANDBOX',
isOAuthToken: true
});
const oauthBunq2 = new bunq.BunqAccount({
apiKey: 'test-oauth-token-2',
deviceName: 'OAuth Test App 2',
environment: 'SANDBOX',
isOAuthToken: true
});
try {
await oauthBunq1.init();
await oauthBunq2.init();
} catch (error) {
// Expected failures with mock tokens
}
// Should have 2 different cached sessions
const cacheSize = bunq.BunqAccount.getOAuthCacheSize();
console.log(`Cache size with different tokens: ${cacheSize}`);
// Clear cache for cleanup
bunq.BunqAccount.clearOAuthCache();
});
tap.start();

View File

@@ -17,9 +17,6 @@ export interface IBunqConstructorOptions {
* the main bunq account
*/
export class BunqAccount {
// Static cache for OAuth token sessions to prevent multiple authentication attempts
private static oauthSessionCache = new Map<string, BunqApiContext>();
public options: IBunqConstructorOptions;
public apiContext: BunqApiContext;
public userId: number;
@@ -35,17 +32,7 @@ export class BunqAccount {
* Initialize the bunq account
*/
public async init() {
// For OAuth tokens, check if we already have a cached session
if (this.options.isOAuthToken) {
const cacheKey = `${this.options.apiKey}_${this.options.environment}`;
const cachedContext = BunqAccount.oauthSessionCache.get(cacheKey);
if (cachedContext && cachedContext.hasValidSession()) {
// Reuse existing session
this.apiContext = cachedContext;
console.log('Reusing existing OAuth session from cache');
} else {
// Create new context and cache it
// Create API context for both OAuth tokens and regular API keys
this.apiContext = new BunqApiContext({
apiKey: this.options.apiKey,
environment: this.options.environment,
@@ -56,19 +43,15 @@ export class BunqAccount {
try {
await this.apiContext.init();
// Cache the successfully initialized context
BunqAccount.oauthSessionCache.set(cacheKey, this.apiContext);
} catch (error) {
// Handle "Superfluous authentication" or "Authentication token already has a user session" errors
if (error instanceof BunqApiError) {
if (error instanceof BunqApiError && this.options.isOAuthToken) {
const errorMessages = error.errors.map(e => e.error_description).join(' ');
if (errorMessages.includes('Superfluous authentication') ||
errorMessages.includes('Authentication token already has a user session')) {
console.log('OAuth token already has installation/device, attempting to create new session...');
// Try to create a new session with existing installation/device
await this.apiContext.initWithExistingInstallation();
// Cache the context with new session
BunqAccount.oauthSessionCache.set(cacheKey, this.apiContext);
} else {
throw error;
}
@@ -76,19 +59,6 @@ export class BunqAccount {
throw error;
}
}
}
} else {
// Regular API key flow
this.apiContext = new BunqApiContext({
apiKey: this.options.apiKey,
environment: this.options.environment,
deviceDescription: this.options.deviceName,
permittedIps: this.options.permittedIps,
isOAuthToken: this.options.isOAuthToken
});
await this.apiContext.init();
}
// Create user instance
this.bunqUser = new BunqUser(this.apiContext);
@@ -207,28 +177,4 @@ export class BunqAccount {
this.apiContext = null;
}
}
/**
* Clear the OAuth session cache
*/
public static clearOAuthCache(): void {
BunqAccount.oauthSessionCache.clear();
console.log('OAuth session cache cleared');
}
/**
* Clear a specific OAuth token from the cache
*/
public static clearOAuthCacheForToken(apiKey: string, environment: 'SANDBOX' | 'PRODUCTION'): void {
const cacheKey = `${apiKey}_${environment}`;
BunqAccount.oauthSessionCache.delete(cacheKey);
console.log(`OAuth session cache cleared for token in ${environment} environment`);
}
/**
* Get the current size of the OAuth cache
*/
public static getOAuthCacheSize(): number {
return BunqAccount.oauthSessionCache.size;
}
}