feat: refresh session with a writer and a given token (#698)

aviadl · web-flow · commit a28b400229aa · 2026-02-26T17:49:26.000+02:00
+ tests fixes descope/etc#14313
diff --git a/descope/internal/auth/auth.go b/descope/internal/auth/auth.go
@@ -426,6 +426,13 @@ func (auth *authenticationService) RefreshSessionWithToken(ctx context.Context,
 	return auth.refreshSession(ctx, refreshToken, nil)
 }
 
+func (auth *authenticationService) RefreshSessionWithTokenAndWriter(ctx context.Context, refreshToken string, w http.ResponseWriter) (bool, *descope.Token, error) {
+	if refreshToken == "" {
+		return false, nil, utils.NewInvalidArgumentError("refreshToken")
+	}
+	return auth.refreshSession(ctx, refreshToken, w)
+}
+
 func (auth *authenticationService) refreshSession(ctx context.Context, refreshToken string, w http.ResponseWriter) (bool, *descope.Token, error) {
 	token, err := auth.validateJWT(refreshToken)
 	if err != nil {
diff --git a/descope/internal/auth/auth_test.go b/descope/internal/auth/auth_test.go
@@ -388,6 +388,24 @@ func TestRefreshSessionWithTokenInvalidInput(t *testing.T) {
 	require.False(t, ok)
 }
 
+func TestRefreshSessionWithTokenAndWriter(t *testing.T) {
+	a, err := newTestAuth(nil, DoOk(nil))
+	require.NoError(t, err)
+	response := httptest.NewRecorder()
+	ok, _, err := a.RefreshSessionWithTokenAndWriter(context.Background(), jwtRTokenValid, response)
+	require.NoError(t, err)
+	require.True(t, ok)
+	strictCookies(t, response)
+}
+
+func TestRefreshSessionWithTokenAndWriterInvalidInput(t *testing.T) {
+	a, err := newTestAuth(nil, DoOk(nil))
+	require.NoError(t, err)
+	ok, _, err := a.RefreshSessionWithTokenAndWriter(context.Background(), "", nil)
+	require.ErrorIs(t, err, descope.ErrInvalidArguments)
+	require.False(t, ok)
+}
+
 func TestRefreshSessionWithTokenNoPublicKey(t *testing.T) {
 	a, err := newTestAuthConf(&AuthParams{ProjectID: "a"}, nil, DoOk(nil))
 	require.NoError(t, err)
diff --git a/descope/sdk/auth.go b/descope/sdk/auth.go
@@ -354,6 +354,12 @@ type Authentication interface {
 	// returns true upon success or false, the updated session token and an error upon failure.
 	RefreshSessionWithToken(ctx context.Context, refreshToken string) (bool, *descope.Token, error)
 
+	// RefreshSessionWithTokenAndWriter - Use to refresh a session with a given refresh token and ResponseWriter.
+	// Use the ResponseWriter (optional) to apply the cookies to the response automatically.
+	// Alternatively use RefreshSessionWithRequest with the incoming request.
+	// returns true upon success or false, the updated session token and an error upon failure.
+	RefreshSessionWithTokenAndWriter(ctx context.Context, refreshToken string, w http.ResponseWriter) (bool, *descope.Token, error)
+
 	// ValidateAndRefreshSessionWithRequest - Use to validate a session of a given request.
 	// Should be called before any private API call that requires authorization.
 	// In case the request cookie can be renewed an automatic renewal is called and returns a new set of cookies to use.
diff --git a/descope/tests/mocks/auth/authenticationmock.go b/descope/tests/mocks/auth/authenticationmock.go
@@ -654,6 +654,11 @@ type MockSession struct {
 	RefreshSessionResponseArray   []*descope.Token
 	RefreshSessionResponseCounter int
 
+	RefreshSessionWithTokenAndWriterAssert   func(refreshToken string, w http.ResponseWriter)
+	RefreshSessionWithTokenAndWriterError    error
+	RefreshSessionWithTokenAndWriterResponse *descope.Token
+	RefreshSessionWithTokenAndWriterFailure  bool
+
 	ExchangeAccessKeyAssert          func(accessKey string, loginOptions *descope.AccessKeyLoginOptions)
 	ExchangeAccessKeyError           error
 	ExchangeAccessKeyResponse        *descope.Token
@@ -774,6 +779,18 @@ func (m *MockSession) RefreshSessionWithToken(_ context.Context, refreshToken st
 	return !m.RefreshSessionResponseFailure, m.RefreshSessionResponse, m.RefreshSessionError
 }
 
+func (m *MockSession) RefreshSessionWithTokenAndWriter(_ context.Context, refreshToken string, w http.ResponseWriter) (bool, *descope.Token, error) {
+	if m.RefreshSessionWithTokenAndWriterFailure {
+		return false, nil, m.RefreshSessionWithTokenAndWriterError
+	}
+
+	if m.RefreshSessionWithTokenAndWriterAssert != nil {
+		m.RefreshSessionWithTokenAndWriterAssert(refreshToken, w)
+	}
+
+	return !m.RefreshSessionWithTokenAndWriterFailure, m.RefreshSessionWithTokenAndWriterResponse, m.RefreshSessionWithTokenAndWriterError
+}
+
 func (m *MockSession) ValidateAndRefreshSessionWithRequest(r *http.Request, w http.ResponseWriter) (bool, *descope.Token, error) {
 	if m.ValidateAndRefreshSessionAssert != nil {
 		m.ValidateAndRefreshSessionAssert(r, w)
