diff --git a/src/session.spec.ts b/src/session.spec.ts index 456e11c..39a6027 100644 --- a/src/session.spec.ts +++ b/src/session.spec.ts @@ -717,6 +717,20 @@ describe('session', () => { authenticateWithRefreshToken.mockResolvedValue({ accessToken: 'new.valid.token', refreshToken: 'new.refresh.token', + user: { + object: 'user', + id: 'user-1', + email: 'test@example.com', + emailVerified: true, + profilePictureUrl: null, + firstName: 'Test', + lastName: 'User', + lastSignInAt: '2021-01-01T00:00:00Z', + createdAt: '2021-01-01T00:00:00Z', + updatedAt: '2021-01-01T00:00:00Z', + externalId: null, + }, + impersonator: undefined, } as AuthenticationResponse); // Mock JWT decoding diff --git a/src/session.ts b/src/session.ts index e4bf4f6..dc4175b 100644 --- a/src/session.ts +++ b/src/session.ts @@ -45,17 +45,18 @@ export async function refreshSession(request: Request, { organizationId }: { org } try { - const { accessToken, refreshToken } = await getWorkOS().userManagement.authenticateWithRefreshToken({ - clientId: getConfig('clientId'), - refreshToken: session.refreshToken, - organizationId, - }); + const { accessToken, refreshToken, user, impersonator } = + await getWorkOS().userManagement.authenticateWithRefreshToken({ + clientId: getConfig('clientId'), + refreshToken: session.refreshToken, + organizationId, + }); const newSession = { accessToken, refreshToken, - user: session.user, - impersonator: session.impersonator, + user, + impersonator, headers: {} as Record, }; @@ -77,7 +78,7 @@ export async function refreshSession(request: Request, { organizationId }: { org } = getClaimsFromAccessToken(accessToken); return { - user: session.user, + user, sessionId, accessToken, organizationId: newOrgId, @@ -85,7 +86,7 @@ export async function refreshSession(request: Request, { organizationId }: { org permissions, entitlements, featureFlags, - impersonator: session.impersonator || null, + impersonator: impersonator ?? null, sealedSession: cookieSession.get('jwt'), headers: newSession.headers, }; @@ -119,11 +120,12 @@ async function updateSession(request: Request, debug: boolean) { const { organizationId } = getClaimsFromAccessToken(session.accessToken); // If the session is invalid (i.e. the access token has expired) attempt to re-authenticate with the refresh token - const { accessToken, refreshToken } = await getWorkOS().userManagement.authenticateWithRefreshToken({ - clientId: getConfig('clientId'), - refreshToken: session.refreshToken, - organizationId, - }); + const { accessToken, refreshToken, user, impersonator } = + await getWorkOS().userManagement.authenticateWithRefreshToken({ + clientId: getConfig('clientId'), + refreshToken: session.refreshToken, + organizationId, + }); // istanbul ignore next if (debug) console.log(`Refresh successful. New access token ends in ${accessToken.slice(-10)}`); @@ -131,8 +133,8 @@ async function updateSession(request: Request, debug: boolean) { const newSession = { accessToken, refreshToken, - user: session.user, - impersonator: session.impersonator, + user, + impersonator, headers: {}, };