Refactor token request and exchange logic for improved clarity and error handling

kavindadimuthu · kavindadimuthu · commit 75b9840d5638 · 2026-02-25T17:28:45.000+05:30
diff --git a/packages/javascript/src/__legacy__/client.ts b/packages/javascript/src/__legacy__/client.ts
@@ -317,97 +317,93 @@ export class AsgardeoAuthClient<T> {
       params: Record<string, unknown>;
     },
   ): Promise<TokenResponse> {
-    const performTokenRequest = async (): Promise<TokenResponse> => {
-      const tokenEndpoint: string | undefined = (await this.oidcProviderMetaDataProvider()).token_endpoint;
-      const configData: StrictAuthClientConfig = await this.configProvider();
-
-      if (!tokenEndpoint || tokenEndpoint.trim().length === 0) {
-        throw new AsgardeoAuthException(
-          'JS-AUTH_CORE-RAT1-NF01',
-          'Token endpoint not found.',
-          'No token endpoint was found in the OIDC provider meta data returned by the well-known endpoint ' +
-            'or the token endpoint passed to the SDK is empty.',
-        );
-      }
+    if (
+      !(await this.storageManager.getTemporaryDataParameter(
+        OIDCDiscoveryConstants.Storage.StorageKeys.OPENID_PROVIDER_CONFIG_INITIATED,
+      ))
+    ) {
+      await this.loadOpenIDProviderConfiguration(false);
+    }
 
-      if (sessionState) {
-        await this.storageManager.setSessionDataParameter(
-          OIDCRequestConstants.Params.SESSION_STATE as keyof SessionData,
-          sessionState,
-          userId,
-        );
-      }
+    const tokenEndpoint: string | undefined = (await this.oidcProviderMetaDataProvider()).token_endpoint;
+    const configData: StrictAuthClientConfig = await this.configProvider();
 
-      const body: URLSearchParams = new URLSearchParams();
+    if (!tokenEndpoint || tokenEndpoint.trim().length === 0) {
+      throw new AsgardeoAuthException(
+        'JS-AUTH_CORE-RAT1-NF01',
+        'Token endpoint not found.',
+        'No token endpoint was found in the OIDC provider meta data returned by the well-known endpoint ' +
+          'or the token endpoint passed to the SDK is empty.',
+      );
+    }
 
-      body.set('client_id', configData.clientId);
+    if (sessionState) {
+      await this.storageManager.setSessionDataParameter(
+        OIDCRequestConstants.Params.SESSION_STATE as keyof SessionData,
+        sessionState,
+        userId,
+      );
+    }
 
-      if (configData.clientSecret && configData.clientSecret.trim().length > 0) {
-        body.set('client_secret', configData.clientSecret);
-      }
+    const body: URLSearchParams = new URLSearchParams();
 
-      const code: string = authorizationCode;
+    body.set('client_id', configData.clientId);
 
-      body.set('code', code);
+    if (configData.clientSecret && configData.clientSecret.trim().length > 0) {
+      body.set('client_secret', configData.clientSecret);
+    }
 
-      body.set('grant_type', 'authorization_code');
-      body.set('redirect_uri', configData.afterSignInUrl);
+    const code: string = authorizationCode;
 
-      if (tokenRequestConfig?.params) {
-        Object.entries(tokenRequestConfig.params).forEach(([key, value]: [key: string, value: unknown]) => {
-          body.append(key, value as string);
-        });
-      }
+    body.set('code', code);
 
-      if (configData.enablePKCE) {
-        body.set(
-          'code_verifier',
-          `${await this.storageManager.getTemporaryDataParameter(extractPkceStorageKeyFromState(state), userId)}`,
-        );
+    body.set('grant_type', 'authorization_code');
+    body.set('redirect_uri', configData.afterSignInUrl);
 
-        await this.storageManager.removeTemporaryDataParameter(extractPkceStorageKeyFromState(state), userId);
-      }
+    if (tokenRequestConfig?.params) {
+      Object.entries(tokenRequestConfig.params).forEach(([key, value]: [key: string, value: unknown]) => {
+        body.append(key, value as string);
+      });
+    }
 
-      let tokenResponse: Response;
+    if (configData.enablePKCE) {
+      body.set(
+        'code_verifier',
+        `${await this.storageManager.getTemporaryDataParameter(extractPkceStorageKeyFromState(state), userId)}`,
+      );
 
-      try {
-        tokenResponse = await fetch(tokenEndpoint, {
-          body,
-          credentials: configData.sendCookiesInRequests ? 'include' : 'same-origin',
-          headers: {
-            Accept: 'application/json',
-            'Content-Type': 'application/x-www-form-urlencoded',
-          },
-          method: 'POST',
-        });
-      } catch (error: any) {
-        throw new AsgardeoAuthException(
-          'JS-AUTH_CORE-RAT1-NE02',
-          'Requesting access token failed',
-          error ?? 'The request to get the access token from the server failed.',
-        );
-      }
+      await this.storageManager.removeTemporaryDataParameter(extractPkceStorageKeyFromState(state), userId);
+    }
 
-      if (!tokenResponse.ok) {
-        throw new AsgardeoAuthException(
-          'JS-AUTH_CORE-RAT1-HE03',
-          `Requesting access token failed with ${tokenResponse.statusText}`,
-          (await tokenResponse.json()) as string,
-        );
-      }
+    let tokenResponse: Response;
 
-      return this.authHelper.handleTokenResponse(tokenResponse, userId);
-    };
+    try {
+      tokenResponse = await fetch(tokenEndpoint, {
+        body,
+        credentials: configData.sendCookiesInRequests ? 'include' : 'same-origin',
+        headers: {
+          Accept: 'application/json',
+          'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        method: 'POST',
+      });
+    } catch (error: any) {
+      throw new AsgardeoAuthException(
+        'JS-AUTH_CORE-RAT1-NE02',
+        'Requesting access token failed',
+        error ?? 'The request to get the access token from the server failed.',
+      );
+    }
 
-    if (
-      await this.storageManager.getTemporaryDataParameter(
-        OIDCDiscoveryConstants.Storage.StorageKeys.OPENID_PROVIDER_CONFIG_INITIATED,
-      )
-    ) {
-      return performTokenRequest();
+    if (!tokenResponse.ok) {
+      throw new AsgardeoAuthException(
+        'JS-AUTH_CORE-RAT1-HE03',
+        `Requesting access token failed with ${tokenResponse.statusText}`,
+        (await tokenResponse.json()) as string,
+      );
     }
 
-    return this.loadOpenIDProviderConfiguration(false).then(() => performTokenRequest());
+    return this.authHelper.handleTokenResponse(tokenResponse, userId);
   }
 
   public async loadOpenIDProviderConfiguration(forceInit: boolean): Promise<void> {
@@ -914,89 +910,85 @@ export class AsgardeoAuthClient<T> {
    * @preserve
    */
   public async exchangeToken(config: TokenExchangeRequestConfig, userId?: string): Promise<TokenResponse | Response> {
-    const executeTokenExchange = async (): Promise<TokenResponse | Response> => {
-      const oidcProviderMetadata: OIDCDiscoveryApiResponse = await this.oidcProviderMetaDataProvider();
-      const configData: StrictAuthClientConfig = await this.configProvider();
-
-      let tokenEndpoint: string | undefined;
+    if (
+      !(await this.storageManager.getTemporaryDataParameter(
+        OIDCDiscoveryConstants.Storage.StorageKeys.OPENID_PROVIDER_CONFIG_INITIATED,
+      ))
+    ) {
+      await this.loadOpenIDProviderConfiguration(false);
+    }
 
-      if (config.tokenEndpoint && config.tokenEndpoint.trim().length !== 0) {
-        tokenEndpoint = config.tokenEndpoint;
-      } else {
-        tokenEndpoint = oidcProviderMetadata.token_endpoint;
-      }
+    const oidcProviderMetadata: OIDCDiscoveryApiResponse = await this.oidcProviderMetaDataProvider();
+    const configData: StrictAuthClientConfig = await this.configProvider();
 
-      if (!tokenEndpoint || tokenEndpoint.trim().length === 0) {
-        throw new AsgardeoAuthException(
-          'JS-AUTH_CORE-RCG-NF01',
-          'Token endpoint not found.',
-          'No token endpoint was found in the OIDC provider meta data returned by the well-known endpoint ' +
-            'or the token endpoint passed to the SDK is empty.',
-        );
-      }
+    let tokenEndpoint: string | undefined;
 
-      const data: string[] = await Promise.all(
-        Object.entries(config.data).map(async ([key, value]: [key: string, value: any]) => {
-          const newValue: string = await this.authHelper.replaceCustomGrantTemplateTags(value as string, userId);
+    if (config.tokenEndpoint && config.tokenEndpoint.trim().length !== 0) {
+      tokenEndpoint = config.tokenEndpoint;
+    } else {
+      tokenEndpoint = oidcProviderMetadata.token_endpoint;
+    }
 
-          return `${key}=${newValue}`;
-        }),
+    if (!tokenEndpoint || tokenEndpoint.trim().length === 0) {
+      throw new AsgardeoAuthException(
+        'JS-AUTH_CORE-RCG-NF01',
+        'Token endpoint not found.',
+        'No token endpoint was found in the OIDC provider meta data returned by the well-known endpoint ' +
+          'or the token endpoint passed to the SDK is empty.',
       );
+    }
 
-      let requestHeaders: Record<string, any> = {
-        Accept: 'application/json',
-        'Content-Type': 'application/x-www-form-urlencoded',
-      };
+    const data: string[] = await Promise.all(
+      Object.entries(config.data).map(async ([key, value]: [key: string, value: any]) => {
+        const newValue: string = await this.authHelper.replaceCustomGrantTemplateTags(value as string, userId);
 
-      if (config.attachToken) {
-        requestHeaders = {
-          ...requestHeaders,
-          Authorization: `Bearer ${(await this.storageManager.getSessionData(userId)).access_token}`,
-        };
-      }
+        return `${key}=${newValue}`;
+      }),
+    );
 
-      const requestConfig: RequestInit = {
-        body: data.join('&'),
-        credentials: configData.sendCookiesInRequests ? 'include' : 'same-origin',
-        headers: new Headers(requestHeaders),
-        method: 'POST',
-      };
+    let requestHeaders: Record<string, any> = {
+      Accept: 'application/json',
+      'Content-Type': 'application/x-www-form-urlencoded',
+    };
 
-      let response: Response;
+    if (config.attachToken) {
+      requestHeaders = {
+        ...requestHeaders,
+        Authorization: `Bearer ${(await this.storageManager.getSessionData(userId)).access_token}`,
+      };
+    }
 
-      try {
-        response = await fetch(tokenEndpoint, requestConfig);
-      } catch (error: any) {
-        throw new AsgardeoAuthException(
-          'JS-AUTH_CORE-RCG-NE02',
-          'The custom grant request failed.',
-          error ?? 'The request sent to get the custom grant failed.',
-        );
-      }
+    const requestConfig: RequestInit = {
+      body: data.join('&'),
+      credentials: configData.sendCookiesInRequests ? 'include' : 'same-origin',
+      headers: new Headers(requestHeaders),
+      method: 'POST',
+    };
 
-      if (response.status !== 200 || !response.ok) {
-        throw new AsgardeoAuthException(
-          'JS-AUTH_CORE-RCG-HE03',
-          `Invalid response status received for the custom grant request. (${response.statusText})`,
-          (await response.json()) as string,
-        );
-      }
+    let response: Response;
 
-      if (config.returnsSession) {
-        return this.authHelper.handleTokenResponse(response, userId);
-      }
-      return Promise.resolve((await response.json()) as TokenResponse | Response);
-    };
+    try {
+      response = await fetch(tokenEndpoint, requestConfig);
+    } catch (error: any) {
+      throw new AsgardeoAuthException(
+        'JS-AUTH_CORE-RCG-NE02',
+        'The custom grant request failed.',
+        error ?? 'The request sent to get the custom grant failed.',
+      );
+    }
 
-    if (
-      await this.storageManager.getTemporaryDataParameter(
-        OIDCDiscoveryConstants.Storage.StorageKeys.OPENID_PROVIDER_CONFIG_INITIATED,
-      )
-    ) {
-      return executeTokenExchange();
+    if (response.status !== 200 || !response.ok) {
+      throw new AsgardeoAuthException(
+        'JS-AUTH_CORE-RCG-HE03',
+        `Invalid response status received for the custom grant request. (${response.statusText})`,
+        (await response.json()) as string,
+      );
     }
 
-    return this.loadOpenIDProviderConfiguration(false).then(() => executeTokenExchange());
+    if (config.returnsSession) {
+      return this.authHelper.handleTokenResponse(response, userId);
+    }
+    return Promise.resolve((await response.json()) as TokenResponse | Response);
   }
 
   /**
diff --git a/packages/javascript/src/__legacy__/helpers/authentication-helper.ts b/packages/javascript/src/__legacy__/helpers/authentication-helper.ts
@@ -253,7 +253,7 @@ export class AuthenticationHelper<T> {
       }
       sessionData = await this.storageManager.getSessionData(userId, instanceKey);
 
-      if (!sessionData.access_token) {
+      if (!sessionData || !sessionData.access_token) {
         throw new AsgardeoAuthException(
           'JS-AUTH_HELPER-RCGTT-NE01',
           'No session data found for source instance.',

Original file line number	Diff line number	Diff line change
`@@ -253,7 +253,7 @@ export class AuthenticationHelper<T> {`
`253`	`253`	`}`
`254`	`254`	`sessionData = await this.storageManager.getSessionData(userId, instanceKey);`
`255`	`255`
`256`		`- if (!sessionData.access_token) {`
	`256`	`+ if (!sessionData \|\| !sessionData.access_token) {`
`257`	`257`	`throw new AsgardeoAuthException(`
`258`	`258`	`'JS-AUTH_HELPER-RCGTT-NE01',`
`259`	`259`	`'No session data found for source instance.',`