Skip to content

fix(token): align Token model with x_refresh_token_hard_expires_in response field#207

Open
noneal220 wants to merge 1 commit intointuit:masterfrom
noneal220:noneal220/fix/rename-hard-expires-field
Open

fix(token): align Token model with x_refresh_token_hard_expires_in response field#207
noneal220 wants to merge 1 commit intointuit:masterfrom
noneal220:noneal220/fix/rename-hard-expires-field

Conversation

@noneal220
Copy link
Copy Markdown
Contributor

@noneal220 noneal220 commented Apr 20, 2026

Summary

The 4.2.4 release (PR #206) added the x-include-refresh-token-hard-expires-in: true request header to createToken(), refresh(), and refreshUsingToken(), but the Token model stored the response field under x_refresh_token_lifetime_expires_in, which does not match the key the Intuit OAuth2 platform will actually return: x_refresh_token_hard_expires_in.

Once the platform team enables the feature server-side, the existing code would silently drop the value. This PR aligns the client with the real response shape.

Expected platform response (confirmed sample)

{
  "access_token": "eyJhbGciOiJkaXIi...",
  "token_type": "bearer",
  "expires_in": 3600,
  "refresh_token": "RT1-39-H3-1785429816rcysb9dns1ofreknypnm",
  "x_refresh_token_expires_in": 8726400,
  "x_refresh_token_hard_expires_in": 156032154
}

Changes

  • src/access-token/Token.js — rename field to x_refresh_token_hard_expires_in in constructor, getToken(), setToken(), and clearToken().
  • types/index.d.ts — add x_refresh_token_hard_expires_in to both TokenData and the Token class declarations.
  • CHANGELOG.md — correct the 4.2.4 entry to reference the right field name.
  • test/HardExpiresTest.js (new) — 4 tests verifying:
    1. x-include-refresh-token-hard-expires-in: true is sent on createToken().
    2. Same header is sent on refresh().
    3. Same header is sent on refreshUsingToken().
    4. x_refresh_token_hard_expires_in in the response body is parsed into token.x_refresh_token_hard_expires_in, and defaults to 0 when absent (back-compat for the pre-rollout state).

Test results

173 passing (4s)
  6 pending

No lint errors (npx eslint test/HardExpiresTest.js src/access-token/Token.js).

Backward compatibility

  • The outbound header name is unchanged (was already correct in 4.2.4).
  • When the platform omits the field (current state), the Token defaults to 0 — identical behavior to today.
  • Only the internal Token property name changed. The only consumer that could break is code that directly read token.x_refresh_token_lifetime_expires_in, which was added in 4.2.4 and is unreleased field-wise (platform hasn't been returning it yet).

Related

@noneal220
fix(token): align Token model with x_refresh_token_hard_expires_in re…
df306ad 
…sponse field

The 4.2.4 release added the x-include-refresh-token-hard-expires-in header
on createToken(), refresh(), and refreshUsingToken(), but the Token model
stored the response field under x_refresh_token_lifetime_expires_in, which
does not match the key the Intuit OAuth2 platform returns
(x_refresh_token_hard_expires_in). Once the platform team enables the
feature, the current code would silently drop the value.

Changes:
- Rename Token field from x_refresh_token_lifetime_expires_in to
  x_refresh_token_hard_expires_in in constructor, getToken, setToken,
  and clearToken.
- Add x_refresh_token_hard_expires_in to TokenData and Token type
  definitions.
- Update CHANGELOG 4.2.4 entry to reference the correct field name.
- Add test/HardExpiresTest.js to verify the outbound header is sent on
  all three token endpoints and that x_refresh_token_hard_expires_in from
  the response body is parsed into the Token (defaults to 0 when absent).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@noneal220