feat(WEB-215): add refresh_token

auth.ts

@@ -55,7 +55,8 @@ export const config = {
     async signIn() {
       return true
     },
-    async session({ session, token, user }) {
+    async session({ session, token }) {
+      session.error = token.error
       if (session.user) {
         return {
           ...session,
@@ -95,13 +96,54 @@ export const config = {
     async authorized({ auth, request }) {
       return true
     },
-    async jwt({ session, token, trigger, account }) {
+    async jwt({ account, session, token, trigger }) {
       if (account) {
         return {
           access_token: account.access_token,
+          expires_at: account.expires_at
+            ? account.expires_at * 1000
+            : undefined,
+          refresh_token: account.refresh_token,
+        }
+      } else if (Date.now() < token.expires_at) {
+        return token
+      } else {
+        try {
+          const response = await fetch(
+            `${env.CURITY_ISSUER_USER}/oauth/v2/token`,
+            {
+              body: new URLSearchParams({
+                client_id: env.CURITY_CLIENT_ID_USER,
+                client_secret: env.CURITY_CLIENT_SECRET_USER,
+                grant_type: "refresh_token",
+                refresh_token: token.refresh_token,
+              }),
+              headers: {
+                "Content-Type": "application/x-www-form-urlencoded",
+              },
+              method: "POST",
+            }
+          )
+
+          const tokens = await response.json()
+
+          if (!response.ok) {
+            throw tokens
+          }
+
+          return {
+            ...token,
+            access_token: tokens.access_token,
+            expires_at: tokens.expires_at,
+            refresh_token: tokens.refresh_token ?? token.refresh_token,
+          }
+        } catch (error) {
+          return {
+            ...token,
+            error: "RefreshAccessTokenError" as const,
+          }
         }
       }
-      return token
     },
   },
   // events: {