fix(oauth): remove OAuth session caching to prevent authentication issues

fix(oauth): fix OAuth token authentication flow for existing installations
feat(oauth): add OAuth session caching to prevent multiple authentication attempts
2025-07-25 00:44:04 +00:00 · 2025-07-24 12:28:50 +00:00 · 2025-07-22 22:56:50 +00:00
5 changed files with 113 additions and 11 deletions
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,34 @@
 # Changelog

+## 2025-07-22 - 3.1.2 - fix(oauth)
+Remove OAuth session caching to prevent authentication issues
+
+- Removed static OAuth session cache that was causing incomplete session issues
+- Each OAuth token now creates a fresh session without caching
+- Removed cache management methods (clearOAuthCache, clearOAuthCacheForToken, getOAuthCacheSize)
+- Simplified init() method to treat OAuth tokens the same as regular API keys
+- OAuth tokens still handle "Superfluous authentication" errors with initWithExistingInstallation
+
+## 2025-07-22 - 3.1.1 - fix(oauth)
+Fix OAuth token authentication flow for existing installations
+
+- Fixed initWithExistingInstallation to properly create new sessions with existing installation/device
+- OAuth tokens now correctly skip installation/device steps when they already exist
+- Session creation still uses OAuth token as the secret parameter
+- Properly handles "Superfluous authentication" errors by reusing existing installation
+- Renamed initWithExistingSession to initWithExistingInstallation for clarity
+
+## 2025-07-22 - 3.1.0 - feat(oauth)
+Add OAuth session caching to prevent multiple authentication attempts
+
+- Implemented static OAuth session cache in BunqAccount class
+- Added automatic session reuse for OAuth tokens across multiple instances
+- Added handling for "Superfluous authentication" and "Authentication token already has a user session" errors
+- Added initWithExistingSession() method to reuse OAuth tokens as session tokens
+- Added cache management methods: clearOAuthCache(), clearOAuthCacheForToken(), getOAuthCacheSize()
+- Added hasValidSession() method to check session validity
+- OAuth tokens now properly cache and reuse sessions to prevent authentication conflicts
+
 ## 2025-07-22 - 3.0.8 - fix(oauth)
 Correct OAuth implementation to match bunq documentation

--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@apiclient.xyz/bunq",
-  "version": "3.0.9",
+  "version": "3.1.2",
  "private": false,
  "description": "A full-featured TypeScript/JavaScript client for the bunq API",
  "type": "module",
--- a/ts/bunq.classes.account.ts
+++ b/ts/bunq.classes.account.ts
@@ -2,6 +2,7 @@ import * as plugins from './bunq.plugins.js';
 import { BunqApiContext } from './bunq.classes.apicontext.js';
 import { BunqMonetaryAccount } from './bunq.classes.monetaryaccount.js';
 import { BunqUser } from './bunq.classes.user.js';
+import { BunqApiError } from './bunq.classes.httpclient.js';
 import type { IBunqSessionServerResponse } from './bunq.interfaces.js';

 export interface IBunqConstructorOptions {
@@ -31,7 +32,7 @@ export class BunqAccount {
   * Initialize the bunq account
   */
  public async init() {
-    // Create API context
+    // Create API context for both OAuth tokens and regular API keys
    this.apiContext = new BunqApiContext({
      apiKey: this.options.apiKey,
      environment: this.options.environment,
@@ -40,8 +41,24 @@ export class BunqAccount {
      isOAuthToken: this.options.isOAuthToken
    });

-    // Initialize API context (handles installation, device registration, session)
-    await this.apiContext.init();
+    try {
+      await this.apiContext.init();
+    } catch (error) {
+      // Handle "Superfluous authentication" or "Authentication token already has a user session" errors
+      if (error instanceof BunqApiError && this.options.isOAuthToken) {
+        const errorMessages = error.errors.map(e => e.error_description).join(' ');
+        if (errorMessages.includes('Superfluous authentication') ||
+            errorMessages.includes('Authentication token already has a user session')) {
+          console.log('OAuth token already has installation/device, attempting to create new session...');
+          // Try to create a new session with existing installation/device
+          await this.apiContext.initWithExistingInstallation();
+        } else {
+          throw error;
+        }
+      } else {
+        throw error;
+      }
+    }

    // Create user instance
    this.bunqUser = new BunqUser(this.apiContext);
--- a/ts/bunq.classes.apicontext.ts
+++ b/ts/bunq.classes.apicontext.ts
@@ -162,4 +162,58 @@ export class BunqApiContext {
  public getBaseUrl(): string {
    return this.context.baseUrl;
  }
+
+  /**
+   * Check if the context has a valid session
+   */
+  public hasValidSession(): boolean {
+    return this.session && this.session.isSessionValid();
+  }
+
+  /**
+   * Initialize with existing installation and device (for OAuth tokens that already completed these steps)
+   */
+  public async initWithExistingInstallation(): Promise<void> {
+    // For OAuth tokens that already have installation/device but need a new session
+    // We need to:
+    // 1. Try to load existing installation/device info
+    // 2. Create a new session using the OAuth token as the secret
+    
+    const existingContext = await this.loadContext();
+    
+    if (existingContext && existingContext.clientPrivateKey && existingContext.clientPublicKey) {
+      // Restore crypto keys from previous installation
+      this.crypto.setKeys(
+        existingContext.clientPrivateKey,
+        existingContext.clientPublicKey
+      );
+      
+      // Update context with existing installation data
+      this.context = { ...this.context, ...existingContext };
+      
+      // Create new session instance
+      this.session = new BunqSession(this.crypto, this.context);
+      
+      // Try to create a new session with the OAuth token
+      try {
+        await this.session.init(
+          this.options.deviceDescription,
+          this.options.permittedIps || [],
+          true // skipInstallationAndDevice = true
+        );
+        
+        if (this.options.isOAuthToken) {
+          this.session.setOAuthMode(true);
+        }
+        
+        await this.saveContext();
+        console.log('Successfully created new session with existing installation');
+      } catch (error) {
+        throw new Error(`Failed to create session with OAuth token: ${error.message}`);
+      }
+    } else {
+      // No existing installation, fall back to full init
+      throw new Error('No existing installation found, full initialization required');
+    }
+  }
 }
--- a/ts/bunq.classes.session.ts
+++ b/ts/bunq.classes.session.ts
@@ -24,14 +24,16 @@ export class BunqSession {
  /**
   * Initialize a new bunq API session
   */
-  public async init(deviceDescription: string, permittedIps: string[] = []): Promise<void> {
-    // Step 1: Installation
-    await this.createInstallation();
+  public async init(deviceDescription: string, permittedIps: string[] = [], skipInstallationAndDevice: boolean = false): Promise<void> {
+    if (!skipInstallationAndDevice) {
+      // Step 1: Installation
+      await this.createInstallation();
+      
+      // Step 2: Device registration
+      await this.registerDevice(deviceDescription, permittedIps);
+    }
    
-    // Step 2: Device registration
-    await this.registerDevice(deviceDescription, permittedIps);
-    
-    // Step 3: Session creation
+    // Step 3: Session creation (always required)
    await this.createSession();
  }
Author	SHA1	Message	Date
Juergen Kunz	f790984a95	fix(oauth): remove OAuth session caching to prevent authentication issues	2025-07-25 00:44:04 +00:00
Juergen Kunz	9011390dc4	fix(oauth): fix OAuth token authentication flow for existing installations	2025-07-24 12:28:50 +00:00
Juergen Kunz	76c6b95f3d	feat(oauth): add OAuth session caching to prevent multiple authentication attempts	2025-07-22 22:56:50 +00:00