node-steam-session icon indicating copy to clipboard operation
node-steam-session copied to clipboard
verified publisher icon DoctorMcKay

Expose decoded tokens

Open Aareksio opened this issue 2 years ago • 3 comments

Is your feature request related to a problem? Please describe.

As steam-session consumer I would like to know when to call renewRefreshToken() and refreshAccessToken().

Describe the solution you'd like

Expose decoded refreshToken and accessToken as properties or getters

Describe alternatives you've considered

Decode JWT in user application. This approach is likely to introduce overkill libraries to user code. Since steam-session is already capable of decoding tokens (and does so), exposing the data seems like a natural solution.

Aareksio avatar Oct 20 '23 03:10 Aareksio

I really don't think this belongs in steam-session's API. Purpose-built JWT decoders are more appropriate here.

DoctorMcKay avatar Oct 20 '23 05:10 DoctorMcKay

You are right decoding the whole token is outside of the scope.

However, knowing if the refresh token is expiring (shortly) seems plausible. Knowing the expiration time is required for promptly renewal. As the library already decodes the tokens, exposing the expiration time seems like better solution, then asking users to bring their own JWT decoder.

Aareksio avatar Oct 20 '23 11:10 Aareksio

I don't have any way of saying with 100% confidence that Valve is always going to use JWTs. I don't want to expose any API that operates off of assumptions. Yes, the module decodes and inspects JWT data internally, but that's mostly just to provide value-adds in the form of keeping people from passing the wrong kinds of tokens and getting confused when things don't work.

DoctorMcKay avatar Oct 21 '23 12:10 DoctorMcKay