fix: TokenManager.renew(key) should renew only requested token

[denysoblohin-okta]

Current implementation of TokenManager.renew refreshes access token and id token together if user not specified responseType in OktaAuth config (as in #559 - responseType was used only in getWithoutPrompt and not in OktaAuth contructor).

okta-auth-js/lib/oidc/renewTokens.ts

Line 41 in 5e9af2f

const { responseType } = getDefaultTokenParams(sdk);

If user uses multiple access tokens with multiple keys (as in issue #559), TokenManager.renew will always use key of first access token in token storage to update any access token with new value:

okta-auth-js/lib/TokenManager.ts

Line 338 in 5e9af2f

emitRenewed(tokenMgmtRef, accessTokenKey, accessToken, oldTokenStorage[accessTokenKey]),

okta-auth-js/lib/TokenManager.ts

Line 187 in 5e9af2f

function getKeyByType(storage, type: TokenType): string {

This will lead to a problem when expired access token will stay in storage. And on resetExpireEventTimeoutAll timer to update will fire again

okta-auth-js/lib/TokenManager.ts

Line 139 in 5e9af2f

for(var key in tokenStorage) {

Internal ref: OKTA-352791
Issue: #559

[shuowu]

sdk.token.renew (oidc/renewToken) only handles renew in the hidden iframe way. This change should still keep the renew with refresh approach.

[codecov-io]

Codecov Report

Merging #656 (e5a8d01) into master (a81cd6d) will increase coverage by 0.15%.
The diff coverage is 90.00%.

@@            Coverage Diff             @@
##           master     #656      +/-   ##
==========================================
+ Coverage   92.72%   92.88%   +0.15%     
==========================================
  Files          67       67              
  Lines        2447     2599     +152     
  Branches      517      559      +42     
==========================================
+ Hits         2269     2414     +145     
- Misses        178      185       +7     

Impacted Files	Coverage Δ
lib/TokenManager.ts	96.25% <89.28%> (-1.48%)	⬇️
lib/browser/browser.ts	93.29% <100.00%> (+2.38%)	⬆️
lib/oidc/index.ts	100.00% <100.00%> (ø)
lib/OktaAuthBase.ts	88.88% <0.00%> (-1.12%)	⬇️
lib/oidc/getWithPopup.ts	100.00% <0.00%> (ø)
lib/oidc/getWithRedirect.ts	100.00% <0.00%> (ø)
lib/oidc/getWithoutPrompt.ts	100.00% <0.00%> (ø)
lib/oidc/util/defaultTokenParams.ts	100.00% <0.00%> (ø)
... and 1 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a81cd6d...e5a8d01. Read the comment docs.

[shuowu]

I think it would make sense to add a helper renew function in TokenManager to make the flows check (it's actually looks like a manager function).

Also, as we expose the renew functions from the top-level (browser.ts), behavior change in the lower-level functions looks like a breaking change to me (changes the public API authClient.token.renew, which should use getWithoutPrompt only).

[denysoblohin-okta]

Moved renew token with refresh token flow to TokenManager

[denysoblohin-okta]

@shuowu What do you think on the latest change?
I've moved renew token (with or without refresh token) logic to helper function _renewToken in TokenManager.
I've exposed renewTokensWithRefresh to Token API, to be able to use it in TokenManager (maybe should add _ prefix?).

[shuowu-okta]

Looks like this method does not exist anymore, remove?

[shuowu-okta]

remove?

[shuowu-okta]

remove?

[shuowu-okta]

remove?

[shuowu-okta]

We don't need to add renewTokensWithRefresh to the top level api, otherwise LGTM.

[shuowu]

Let's make the change as 4.9.0 (minor), since it adds new top level API.

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

Attention: Patch coverage is 90.32258% with 3 lines in your changes missing coverage. Please review.

Project coverage is 92.66%. Comparing base (3599bb1) to head (9d9bc46).
Report is 542 commits behind head on master.

Files with missing lines	Patch %	Lines
lib/TokenManager.ts	90.00%	3 Missing ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #656      +/-   ##
==========================================
- Coverage   92.77%   92.66%   -0.11%     
==========================================
  Files          67       67              
  Lines        2435     2441       +6     
  Branches      515      516       +1     
==========================================
+ Hits         2259     2262       +3     
- Misses        176      179       +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.