Merge pull request #130 from agnosticeng/fix/embedded-auth

fix: use jose to decode jwt from parent app

package-lock.json

@@ -26,6 +26,7 @@
 				"d3": "^7.9.0",
 				"dayjs": "^1.11.18",
 				"highlight.js": "^11.11.1",
+				"jose": "^6.1.0",
 				"lodash": "^4.17.21",
 				"marked": "^16.4.1",
 				"marked-highlight": "^2.2.2",
@@ -2349,6 +2350,15 @@
 			"integrity": "sha512-tFLRAygk9NqrRPhJSnNGh7g7oaVWDwR0wKh/GM2LgmPa50Eg4UfyaCO4I8k6EqJHl1/uh2RAD6g06n5ygEnrjQ==",
 			"license": "ISC"
 		},
+		"node_modules/jose": {
+			"version": "6.1.0",
+			"resolved": "https://registry.npmjs.org/jose/-/jose-6.1.0.tgz",
+			"integrity": "sha512-TTQJyoEoKcC1lscpVDCSsVgYzUDg/0Bt3WE//WiTPK6uOCQC2KZS4MpugbMWt/zyjkopgZoXhZuCi00gLudfUA==",
+			"license": "MIT",
+			"funding": {
+				"url": "https://github.com/sponsors/panva"
+			}
+		},
 		"node_modules/kleur": {
 			"version": "4.1.5",
 			"resolved": "https://registry.npmjs.org/kleur/-/kleur-4.1.5.tgz",

package.json

@@ -32,6 +32,7 @@
 		"d3": "^7.9.0",
 		"dayjs": "^1.11.18",
 		"highlight.js": "^11.11.1",
+		"jose": "^6.1.0",
 		"lodash": "^4.17.21",
 		"marked": "^16.4.1",
 		"marked-highlight": "^2.2.2",

src/lib/auth/embedded-handler.ts

@@ -1,4 +1,5 @@
-import type { AuthService, AuthSession } from './service';
+import { decodeJwt } from 'jose/jwt/decode';
+import type { AuthService } from './service';
 
 export class EmbeddedAuthHandler {
 	constructor(private service: AuthService) {
@@ -9,10 +10,8 @@ export class EmbeddedAuthHandler {
 		const url = new URL(window.location.href);
 		const token = url.searchParams.get('token');
 		if (token) {
-			const decoded = JSON.parse(atob(token.split('.')[1]));
-			const expiresAt = +(decoded.exp ?? Date.now() + 3600 * 1000);
-			const session: AuthSession = { idToken: token, expiresAt };
-			await this.service.setSession(session);
+			const claims = decodeJwt(token);
+			if (claims.exp) await this.service.setSession({ idToken: token, expiresAt: claims.exp });
 		}
 	}
 }