Add support for extra parameters in refresh requests

luisgoncalves · luisgoncalves · commit 9fd55b666ae9 · 2025-04-29T14:29:41.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Token Handler Assistant Changelog
 
+## [Pending]
+ 
+- Add support for extra parameters in refresh requests
+
 ## [1.1.0] - 2024-08-12
 
 - Send `token-handler-version` header in all requests
diff --git a/src/oauth-agent-client.ts b/src/oauth-agent-client.ts
@@ -16,6 +16,7 @@ import {
   EndLoginRequest,
   LogoutResponse,
   OAuthAgentRemoteError,
+  RefreshRequest,
   RefreshResponse,
   SessionResponse,
   StartLoginRequest,
@@ -48,13 +49,16 @@ export class OAuthAgentClient {
 
   /**
    * Refreshes the access token. Calls the `/refresh` endpoint.
+   * 
+  * @param request the refresh request possibly containing extra parameters
    *
    * @return the refresh token response possibly containing the new access token's expiration time
-   *
+   * 
    * @throws OAuthAgentRemoteError when OAuth Agent responded with an error
    */
-  async refresh(): Promise<RefreshResponse> {
-    const refreshResponse = await this.fetch("POST", "refresh")
+  async refresh(request?: RefreshRequest): Promise<RefreshResponse> {
+    const urlSearchParams = this.toUrlSearchParams(request?.extraRefreshParameters)
+    const refreshResponse = await this.fetch("POST", "refresh", urlSearchParams)
 
     return {
       accessTokenExpiresIn: refreshResponse.access_token_expires_in
@@ -175,7 +179,7 @@ export class OAuthAgentClient {
       'token-handler-version': '1'
     } as Record<string, string>
 
-    if (path == 'login/start' || path == 'login/end') {
+    if (content && content.size !== 0) {
       headers["content-type"] = 'application/x-www-form-urlencoded'
     }
 
diff --git a/src/types.ts b/src/types.ts
@@ -17,7 +17,6 @@
  * (such as `scope`, `login_hint` or `ui_locales`). These parameters will be used in the authorization request.
  * Each parameter has to be explicitly allowed in the configuration of the token handler application
  * in the Curity server.
- *
  */
 export interface StartLoginRequest {
   readonly extraAuthorizationParameters?: { [key: string]: string };
@@ -54,6 +53,17 @@ export interface SessionResponse {
   readonly accessTokenExpiresIn?: number;
 }
 
+/**
+ * Passed to {@link OAuthAgentClient#refresh} function.
+ */
+export interface RefreshRequest {
+  /**
+   * Extra parameters to be used in the token refresh request.
+   * Each parameter has to be explicitly allowed in the configuration of the token handler application
+   * in the Curity server.
+   */
+  readonly extraRefreshParameters?: { [key: string]: string };
+}
 
 /**
  * Returned from the {@link OAuthAgentClient#refresh} function. Contains:
