(input: {
readonly tokenEndpoint: string;
readonly clientId: string;
readonly refreshToken: string;
})
| 283 | * providers that issue refresh tokens reach here (WorkOS, which is form-encoded |
| 284 | * per RFC 8628); Better Auth's device flow issues no refresh token. */ |
| 285 | export const refreshDeviceTokens = async (input: { |
| 286 | readonly tokenEndpoint: string; |
| 287 | readonly clientId: string; |
| 288 | readonly refreshToken: string; |
| 289 | }): Promise<DeviceTokens> => { |
| 290 | const response = await post( |
| 291 | input.tokenEndpoint, |
| 292 | { |
| 293 | grant_type: "refresh_token", |
| 294 | refresh_token: input.refreshToken, |
| 295 | client_id: input.clientId, |
| 296 | }, |
| 297 | "form", |
| 298 | ); |
| 299 | const body = await readJson(response); |
| 300 | if (!response.ok) { |
| 301 | throw new DeviceLoginError( |
| 302 | `Token refresh failed: ${asString(body.error_description) ?? asString(body.error) ?? `HTTP ${response.status}`}`, |
| 303 | ); |
| 304 | } |
| 305 | const accessToken = asString(body.access_token); |
| 306 | if (!accessToken) throw new DeviceLoginError("Refresh response was missing an access token."); |
| 307 | return { |
| 308 | accessToken, |
| 309 | refreshToken: asString(body.refresh_token) ?? input.refreshToken, |
| 310 | expiresAt: deriveExpiresAt({ accessToken, expiresIn: asNumber(body.expires_in) }), |
| 311 | }; |
| 312 | }; |
| 313 | |
| 314 | export type BrowserOpenCommand = readonly [command: string, args: ReadonlyArray<string>]; |
| 315 |
no test coverage detected