How to detect when a token refresh was made

[ofhouse]

Hey,
I am using the GraphQL client (@octokit/graphql) together with the OAuth authentication strategy (@octokit/auth-oauth-user) like this:

import { createOAuthUserAuth } from '@octokit/auth-oauth-user';
import { graphql } from '@octokit/graphql';

const {
  accessToken,
  accessTokenExpiresAt,
  refreshToken,
  refreshTokenExpiresAt,
} = await getTokenFromDatabase();

const userAuth = createOAuthUserAuth({
  clientId: secretStore.getGithubClientId(),
  clientSecret: secretStore.getGithubClientSecret(),
  clientType: 'github-app',
  token: accessToken,
  // Expects ISO 8601
  expiresAt: accessTokenExpiresAt.toISOString(),
  refreshToken,
  // Expects ISO 8601
  refreshTokenExpiresAt: refreshTokenExpiresAt.toISOString(),
});

const apiClient = graphql.defaults({
  request: {
    hook: userAuth.hook,
  },
});

The createOAuthUserAuth function has the ability to request a new access token on the fly when expiresAt is reached (See code).

Since the accessToken is saved to a database in our case, I would like to detect when a refresh was made during a request against the API, so that I can update the accessToken in the database.
Is there any way to add a callback (or something similar) that gets executed when a token refresh was made?

[timrogers]

Hey,

I am using the GraphQL client (@octokit/graphql) together with the OAuth authentication strategy (@octokit/auth-oauth-user) like this:

import { createOAuthUserAuth } from '@octokit/auth-oauth-user';

import { graphql } from '@octokit/graphql';



const {

  accessToken,

  accessTokenExpiresAt,

  refreshToken,

  refreshTokenExpiresAt,

} = await getTokenFromDatabase();



const userAuth = createOAuthUserAuth({

  clientId: secretStore.getGithubClientId(),

  clientSecret: secretStore.getGithubClientSecret(),

  clientType: 'github-app',

  token: accessToken,

  // Expects ISO 8601

  expiresAt: accessTokenExpiresAt.toISOString(),

  refreshToken,

  // Expects ISO 8601

  refreshTokenExpiresAt: refreshTokenExpiresAt.toISOString(),

});



const apiClient = graphql.defaults({

  request: {

    hook: userAuth.hook,

  },

});

The createOAuthUserAuth function has the ability to request a new access token on the fly when expiresAt is reached (See code).

Since the accessToken is saved to a database in our case, I would like to detect when a refresh was made during a request against the API, so that I can update the accessToken in the database.

Is there any way to add a callback (or something similar) that gets executed when a token refresh was made?

Thanks for reaching out! This feels like a reasonable request to me, and a callback could be a nice way to I planent it whilst keeping the "hook" abstraction.

@octokit/js-community What do you think?

[gr2m]

Sounds like a good idea, can you open an issue in https://github.com/octokit/auth-oauth-user.js for the feature request, and include your use case?

For the time being, you can workaround by using the @octokit/core SDK instead of the @octokit/graphql function. It won't add a lot of code, we keep the core SDK intentionally very lightweight. Using the core SDK will give you hooks, which you could use to hook into the request life cycle, and each time a token was refreshed / created, you could save it to your database.

@octokit/auth-oauth-user already has an onVerification option, we could add a new onTokenCreated option, which could pass a flag whether it was a refresh or not?

[ofhouse]

Thanks for the quick response.
Created a feature request ticket here: octokit/auth-oauth-user.js#86

Tried to use it with the Octokit hooks as suggested, but had no luck since the hooks were not called for the internal requests to https://github.com/login/oauth/access_token.
Filled a separate bug ticket for this here: octokit/auth-oauth-user.js#87

[gr2m]

Danke Felix!

I have both issues in my backlog so I won't forget to check them out, but it might take a while. I'm on parental leave and have little time for @octokit right now. And the time I have I'll spend on https://github.com/octokit/octokit-next.js as it's a big blocker for the over JavaScript Octokit

[ofhouse]

Haha nice, thank you for the update! 🇩🇪
Think we'll be able to workaround the issue in the meantime, so this is no blocker on our side.

It's impressing how far you have taken the Octokit project, so you really deserve a break! Enjoy the time with your family!

Will close the thread here, since all actionable steps have their own ticket.