okta-auth-js

Token getters return indeterminate result according to object iteration order

Open rwev opened this issue 2 years ago • 3 comments

Describe the bug?

The return value of OktaAuth.getAccessToken depends on the order of iteration over the storage location. The last token of type AccessToken seen in the iteration is returned.

The root problem lies in getTokensSync:

getTokensSync(): Tokens {
  const tokens = {} as Tokens;
  const tokenStorage = this.storage.getStorage();
  Object.keys(tokenStorage).forEach(key => {
    const token = tokenStorage[key];
    if (isAccessToken(token)) {
      tokens.accessToken = token;
    } else if (isIDToken(token)) {
      tokens.idToken = token;
    } else if (isRefreshToken(token)) {
      tokens.refreshToken = token;
    }
  });
  return tokens;
}

The same problem and root cause applies to the getters for the other token types, e.g. getRefreshToken().

What is expected to happen?

Return the accessToken at ACCESS_TOKEN_STORAGE_KEY

Similarly, for getRefreshToken, return the token at REFRESH_TOKEN_STORAGE_KEY

What is the actual behavior?

Returns an indeterminate token according to the object iteration order.

Reproduction Steps?

Use any of the aforementioned getters with multiple tokens of each type in storage.

SDK Versions

@latest

Execution Environment

All applicable

Additional Information?

No response

rwev, Dec 28 '22 22:12
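The behaviour reported above, as an added example that is not part of the original post or the okta-auth-js code base: the same storage contents written in two different orders yield different access tokens from the iteration-based getter, while a lookup by storage key does not. The type checks are simplified stand-ins, the storage key values and the extra `elevatedToken` key are assumptions, and all token values are constructed.

```javascript
// Assumed key values and simplified type checks; these are stand-ins, not the SDK's code.
const ACCESS_TOKEN_STORAGE_KEY = 'accessToken';
const REFRESH_TOKEN_STORAGE_KEY = 'refreshToken';

const isAccessToken = t => !!t && typeof t.accessToken === 'string';
const isIDToken = t => !!t && typeof t.idToken === 'string';
const isRefreshToken = t => !!t && typeof t.refreshToken === 'string';

// Same shape as the getTokensSync loop quoted in the issue: last match per type wins.
function getTokensByIteration(storage) {
  const tokens = {};
  Object.keys(storage).forEach(key => {
    const token = storage[key];
    if (isAccessToken(token)) tokens.accessToken = token;
    else if (isIDToken(token)) tokens.idToken = token;
    else if (isRefreshToken(token)) tokens.refreshToken = token;
  });
  return tokens;
}

// Expected behaviour from the issue: read the well-known key, then type-check the entry.
function getTokensByKey(storage) {
  const tokens = {};
  const accessEntry = storage[ACCESS_TOKEN_STORAGE_KEY];
  const refreshEntry = storage[REFRESH_TOKEN_STORAGE_KEY];
  if (isAccessToken(accessEntry)) tokens.accessToken = accessEntry;
  if (isRefreshToken(refreshEntry)) tokens.refreshToken = refreshEntry;
  return tokens;
}

// Constructed tokens: two access tokens with different scopes, plus one refresh token.
const primary = { accessToken: 'AT-primary', scopes: ['openid'] };
const elevated = { accessToken: 'AT-elevated', scopes: ['openid', 'admin'] };
const refresh = { refreshToken: 'RT-primary' };

// Identical contents, different insertion order (hypothetical extra key 'elevatedToken').
const storageA = { accessToken: primary, elevatedToken: elevated, refreshToken: refresh };
const storageB = { elevatedToken: elevated, accessToken: primary, refreshToken: refresh };

// Returns which access token each strategy selects for each storage ordering.
function compare() {
  return [storageA, storageB].map(s => ({
    iterated: getTokensByIteration(s).accessToken.accessToken,
    keyed: getTokensByKey(s).accessToken.accessToken,
  }));
}

console.log(compare());
```

In the first ordering the iteration-based getter hands back the broader-scoped token, which is the case worth checking for wherever the result is attached to outgoing API requests.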