add ability to specify auth token duration on login (#183)

.changeset/loud-hornets-tickle.md

@@ -0,0 +1,6 @@
+---
+"@treasure-dev/tdk-react": patch
+"@treasure-dev/tdk-core": patch
+---
+
+Added ability to specify auth token duration with `authTokenDurationSec` config

.changeset/weak-bananas-rush.md

@@ -0,0 +1,5 @@
+---
+"@treasure-dev/auth": patch
+---
+
+Fixed auth token expiration time calculation

apps/api/src/index.ts

@@ -50,7 +50,6 @@ const main = async () => {
       kmsKey: env.TREASURE_AUTH_KMS_KEY,
       issuer: env.TREASURE_AUTH_ISSUER,
       audience: env.TREASURE_AUTH_AUDIENCE,
-      expirationTimeSeconds: 86_400, // 1 day
     }),
     thirdwebAuth: createThirdwebAuth({
       domain: env.TREASURE_AUTH_ISSUER,

apps/api/src/routes/auth.ts

@@ -94,7 +94,17 @@ export const authRoutes =
         },
       },
       async (req, reply) => {
-        const verifiedPayload = await thirdwebAuth.verifyPayload(req.body);
+        const {
+          body: {
+            payload: unverifiedPayload,
+            signature,
+            authTokenDurationSec = 86_400, // 1 day
+          },
+        } = req;
+        const verifiedPayload = await thirdwebAuth.verifyPayload({
+          payload: unverifiedPayload,
+          signature,
+        });
         if (!verifiedPayload.valid) {
           return reply
             .code(400)
@@ -225,8 +235,10 @@ export const authRoutes =
         const [authTokenResult, userSessionsResult] = await Promise.allSettled([
           auth.generateJWT<UserContext>(address, {
             issuer: payload.domain,
-            issuedAt: new Date(payload.issued_at),
-            expiresAt: new Date(payload.expiration_time),
+            issuedAt: new Date(),
+            expiresAt: new Date(
+              new Date().getTime() + authTokenDurationSec * 1000,
+            ),
             context: {
               id: user.id,
               email: profile.email,

apps/api/src/schema/auth.ts

@@ -33,6 +33,13 @@ export const readLoginPayloadReplySchema = loginPayloadSchema;
 export const loginBodySchema = Type.Object({
   payload: loginPayloadSchema,
   signature: Type.String(),
+  authTokenDurationSec: Type.Optional(
+    Type.Integer({
+      minimum: 3_600, // 1 minute
+      maximum: 604_800, // 1 week
+      default: 86_400, // 1 day
+    }),
+  ),
 });
 
 export const loginReplySchema = Type.Object({

packages/auth/src/auth.ts

@@ -53,9 +53,11 @@ export const createAuth = ({
         aud: overrides?.audience ?? audience ?? "treasure.lol",
         sub: subject,
         iat: Math.floor((overrides?.issuedAt ?? new Date()).getTime() / 1000),
-        exp:
-          Math.floor((overrides?.expiresAt ?? new Date()).getTime() / 1000) +
-          expirationTimeSeconds,
+        exp: Math.floor(
+          overrides?.expiresAt
+            ? overrides.expiresAt.getTime() / 1000
+            : new Date().getTime() / 1000 + expirationTimeSeconds,
+        ),
         ctx: overrides?.context ?? {},
       };
       const message = `${JWT_HEADER}.${base64url(JSON.stringify(payload))}`;

packages/core/src/connect/login.ts

@@ -171,9 +171,11 @@ export const createTreasureConnectClient = ({
 export const authenticateWallet = async ({
   wallet,
   tdk,
+  authTokenDurationSec,
 }: {
   wallet: Wallet;
   tdk: TDKAPI;
+  authTokenDurationSec?: number;
 }) => {
   const account = wallet.getAccount();
   if (!account) {
@@ -195,7 +197,10 @@ export const authenticateWallet = async ({
 
   // Log in with signed payload
   console.debug("[TDK] Logging in with signed payload");
-  return tdk.auth.logIn(signedPayload);
+  return tdk.auth.logIn({
+    ...signedPayload,
+    authTokenDurationSec,
+  });
 };
 
 export const sendEmailVerificationCode = async ({
@@ -224,6 +229,7 @@ export const logIn = async (params: ConnectWalletConfig & ConnectConfig) => {
     client,
     chainId = DEFAULT_TDK_CHAIN_ID,
     apiUri = DEFAULT_TDK_API_BASE_URI,
+    authOptions,
     sessionOptions,
     ...connectWalletParams
   } = params;
@@ -244,6 +250,7 @@ export const logIn = async (params: ConnectWalletConfig & ConnectConfig) => {
   const { token, user } = await authenticateWallet({
     wallet,
     tdk,
+    authTokenDurationSec: authOptions?.authTokenDurationSec,
   });
 
   // Set auth token and wallet on TDK so they can be used in future requests

packages/core/src/types.ts

@@ -6,6 +6,10 @@ import type { TDKAPI } from "./api";
 export type EcosystemIdString = `ecosystem.${string}`;
 export type TreasureConnectClient = ThirdwebClient;
 
+export type AuthOptions = {
+  authTokenDurationSec?: number;
+};
+
 export type SessionOptions = {
   backendWallet: string;
   approvedTargets: string[];
@@ -17,6 +21,7 @@ export type SessionOptions = {
 export type ConnectConfig = {
   apiUri?: string;
   chainId?: number;
+  authOptions?: AuthOptions;
   sessionOptions?: SessionOptions;
 };
 

packages/react/src/contexts/treasure.tsx

@@ -77,11 +77,12 @@ const TreasureProviderInner = ({
   clientId,
   ecosystemId = DEFAULT_TDK_ECOSYSTEM_ID,
   ecosystemPartnerId,
+  analyticsOptions,
+  authOptions,
+  launcherOptions,
   sessionOptions,
   autoConnectTimeout = 5_000,
   onConnect,
-  launcherOptions,
-  analyticsOptions,
 }: Props) => {
   const [isAuthenticating, setIsAuthenticating] = useState(false);
   const [user, setUser] = useState<User | undefined>();
@@ -245,6 +246,9 @@ const TreasureProviderInner = ({
       const result = await authenticateWallet({
         wallet,
         tdk,
+        authTokenDurationSec:
+          authOptions?.authTokenDurationSec ??
+          sessionOptions?.sessionDurationSec,
       });
       authToken = result.token;
       user = result.user;

packages/react/src/types.ts

@@ -1,6 +1,7 @@
 import type {
   AddressString,
   AppInfo,
+  AuthOptions,
   Contract,
   Device,
   EcosystemIdString,
@@ -44,11 +45,12 @@ export type Config = {
   clientId: string;
   ecosystemId?: EcosystemIdString;
   ecosystemPartnerId: string;
+  analyticsOptions?: AnalyticsOptions;
+  authOptions?: AuthOptions;
+  launcherOptions?: LauncherOptions;
   sessionOptions?: SessionOptions;
   autoConnectTimeout?: number;
   onConnect?: (user: User) => void;
-  launcherOptions?: LauncherOptions;
-  analyticsOptions?: AnalyticsOptions;
 };
 
 export type ContextValues = {