refactored to avoid recursion as recommended

geelen · geelen · commit e63c5bae6f9c · 2025-06-06T16:41:55.000+10:00
diff --git a/src/client/auth.ts b/src/client/auth.ts
@@ -1,5 +1,5 @@
 import pkceChallenge from "pkce-challenge";
-import { LATEST_PROTOCOL_VERSION } from "../types.js";
+import {LATEST_PROTOCOL_VERSION} from "../types.js";
 import type {
   OAuthClientInformation,
   OAuthClientInformationFull,
@@ -138,101 +138,102 @@ export async function parseErrorResponse(input: Response | string): Promise<OAut
 export async function auth(
   provider: OAuthClientProvider,
   options: { serverUrl: string | URL, authorizationCode?: string },
-  lastError?: Error
 ): Promise<AuthResult> {
-  const { serverUrl, authorizationCode } = options
   try {
-    const metadata = await discoverOAuthMetadata(serverUrl);
-
-    // Handle client registration if needed
-    let clientInformation = await Promise.resolve(provider.clientInformation());
-    if (!clientInformation) {
-      if (authorizationCode !== undefined) {
-        throw new Error("Existing OAuth client information is required when exchanging an authorization code");
-      }
-
-      if (!provider.saveClientInformation) {
-        throw new Error("OAuth client information must be saveable for dynamic registration");
-      }
+    return await authInternal(provider, options);
+  } catch (error) {
+    // Handle recoverable error types by invalidating credentials and retrying
+    if (error instanceof InvalidClientError || error instanceof UnauthorizedClientError) {
+      await provider.invalidateCredentials?.('all');
+      return await authInternal(provider, options);
+    } else if (error instanceof InvalidGrantError) {
+      await provider.invalidateCredentials?.('tokens');
+      return await authInternal(provider, options);
+    }
 
-      const fullInformation = await registerClient(serverUrl, {
-        metadata,
-        clientMetadata: provider.clientMetadata,
-      });
+    // Throw otherwise
+    throw error
+  }
+}
 
-      await provider.saveClientInformation(fullInformation);
-      clientInformation = fullInformation;
-    }
+async function authInternal(
+  provider: OAuthClientProvider,
+  options: { serverUrl: string | URL, authorizationCode?: string },
+): Promise<AuthResult> {
+  const { serverUrl, authorizationCode } = options;
+  const metadata = await discoverOAuthMetadata(serverUrl);
 
-    // Exchange authorization code for tokens
+  // Handle client registration if needed
+  let clientInformation = await Promise.resolve(provider.clientInformation());
+  if (!clientInformation) {
     if (authorizationCode !== undefined) {
-      const codeVerifier = await provider.codeVerifier();
-      const tokens = await exchangeAuthorization(serverUrl, {
-        metadata,
-        clientInformation,
-        authorizationCode,
-        codeVerifier,
-        redirectUri: provider.redirectUrl,
-      });
-
-      await provider.saveTokens(tokens);
-      return "AUTHORIZED";
+      throw new Error("Existing OAuth client information is required when exchanging an authorization code");
     }
 
-    const tokens = await provider.tokens();
-
-    // Handle token refresh or new authorization
-    if (tokens?.refresh_token) {
-      try {
-        // Attempt to refresh the token
-        const newTokens = await refreshAuthorization(serverUrl, {
-          metadata,
-          clientInformation,
-          refreshToken: tokens.refresh_token,
-        });
-
-        await provider.saveTokens(newTokens);
-        return "AUTHORIZED";
-      } catch (error) {
-        // If this is a ServerError, or an unknown type, log it out and try to continue. Otherwise, escalate so we can fix things and retry.
-        if (!(error instanceof OAuthError) || error instanceof ServerError) {
-          console.error("Could not refresh OAuth tokens:", error);
-        } else {
-          console.warn(`OAuth token refresh failed: ${JSON.stringify(error.toResponseObject())}`);
-          throw error
-        }
-      }
+    if (!provider.saveClientInformation) {
+      throw new Error("OAuth client information must be saveable for dynamic registration");
     }
 
-    // Start new authorization flow
-    const {authorizationUrl, codeVerifier} = await startAuthorization(serverUrl, {
+    const fullInformation = await registerClient(serverUrl, {
+      metadata,
+      clientMetadata: provider.clientMetadata,
+    });
+
+    await provider.saveClientInformation(fullInformation);
+    clientInformation = fullInformation;
+  }
+
+  // Exchange authorization code for tokens
+  if (authorizationCode !== undefined) {
+    const codeVerifier = await provider.codeVerifier();
+    const tokens = await exchangeAuthorization(serverUrl, {
       metadata,
       clientInformation,
-      redirectUrl: provider.redirectUrl,
-      scope: provider.clientMetadata.scope
+      authorizationCode,
+      codeVerifier,
+      redirectUri: provider.redirectUrl,
     });
 
-    await provider.saveCodeVerifier(codeVerifier);
-    await provider.redirectToAuthorization(authorizationUrl);
-    return "REDIRECT";
-  } catch (error) {
-    switch ((error as Error).constructor) {
-      // Don't loop forever if the same type of error recurs
-      case lastError?.constructor:
+    await provider.saveTokens(tokens);
+    return "AUTHORIZED"
+  }
+
+  const tokens = await provider.tokens();
+
+  // Handle token refresh or new authorization
+  if (tokens?.refresh_token) {
+    try {
+      // Attempt to refresh the token
+      const newTokens = await refreshAuthorization(serverUrl, {
+        metadata,
+        clientInformation,
+        refreshToken: tokens.refresh_token,
+      });
+
+      await provider.saveTokens(newTokens);
+      return "AUTHORIZED"
+    } catch (error) {
+      // If this is a ServerError, or an unknown type, log it out and try to continue. Otherwise, escalate so we can fix things and retry.
+      if (!(error instanceof OAuthError) || error instanceof ServerError) {
+        console.error("Could not refresh OAuth tokens:", error);
+      } else {
+        console.warn(`OAuth token refresh failed: ${JSON.stringify(error.toResponseObject())}`);
         throw error;
-      // Invalid clients mean the entire local state is now invalid, so clear it all then retry
-      case InvalidClientError:
-      case UnauthorizedClientError:
-        await provider.invalidateCredentials?.('all')
-        return await auth(provider, options, error as Error)
-      // Invalid grants mean clear the tokens and retry
-      case InvalidGrantError:
-        await provider.invalidateCredentials?.('tokens')
-        return await auth(provider, options, error as Error)
-      default:
-        throw error
+      }
     }
   }
+
+  // Start new authorization flow
+  const {authorizationUrl, codeVerifier} = await startAuthorization(serverUrl, {
+    metadata,
+    clientInformation,
+    redirectUrl: provider.redirectUrl,
+    scope: provider.clientMetadata.scope
+  });
+
+  await provider.saveCodeVerifier(codeVerifier);
+  await provider.redirectToAuthorization(authorizationUrl);
+  return "REDIRECT"
 }
 
 /**
