feat: enhance token refresh logic with issued time

louis-lemon · louis-lemon · commit 5792501bf459 · 2025-06-11T14:55:00.000+09:00
diff --git a/src/token-storage/aws-storage.service.ts b/src/token-storage/aws-storage.service.ts
@@ -13,6 +13,7 @@ export class AWSStorageService extends TokenStorageService {
         'secret_key',
         'session_token',
         'expired_time',
+        'issued_time',
         'kms_arn',
     ];
 
@@ -44,8 +45,32 @@ export class AWSStorageService extends TokenStorageService {
 
     async shouldRefreshToken(): Promise<boolean> {
         const expiredTime = +(await this.storage.getItem(`${this.prefix}.expired_time`));
+        const issuedTime = +(await this.storage.getItem(`${this.prefix}.issued_time`));
         const now = new Date().getTime();
-        return now >= expiredTime;
+
+        if (!expiredTime) {
+            return true;
+        }
+        if (now >= expiredTime) {
+            return true;
+        }
+
+        // 전략 1: 고정 버퍼 (5분 전에 refresh)
+        const bufferTime = 5 * 60 * 1000;
+        if (now >= expiredTime - bufferTime) {
+            return true;
+        }
+
+        // 전략 2: 토큰 수명의 75% 지점에서 refresh
+        if (issuedTime) {
+            const tokenLifetime = expiredTime - issuedTime;
+            const refreshThreshold = issuedTime + tokenLifetime * 0.75;
+            if (now >= refreshThreshold) {
+                return true;
+            }
+        }
+
+        return false;
     }
 
     async getCachedCredentials(): Promise<LemonCredentials> {
@@ -94,6 +119,11 @@ export class AWSStorageService extends TokenStorageService {
         const expiredTime = this.calculateTokenExpiration(Expiration, identityToken);
         this.storage.setItem(`${this.prefix}.expired_time`, expiredTime.toString());
 
+        const issuedTime = this.calculateTokenIssuedTime(identityToken);
+        if (issuedTime) {
+            this.storage.setItem(`${this.prefix}.issued_time`, issuedTime.toString());
+        }
+
         return;
     }
 
diff --git a/src/token-storage/azure-storage.service.ts b/src/token-storage/azure-storage.service.ts
@@ -17,6 +17,7 @@ export class AzureStorageService extends TokenStorageService {
         'access_token',
         'host_key',
         'expired_time',
+        'issued_time',
         'client_id',
     ];
 
@@ -58,8 +59,32 @@ export class AzureStorageService extends TokenStorageService {
      */
     async shouldRefreshToken(): Promise<boolean> {
         const expiredTime = +(await this.storage.getItem(`${this.prefix}.expired_time`));
+        const issuedTime = +(await this.storage.getItem(`${this.prefix}.issued_time`));
         const now = new Date().getTime();
-        return now >= expiredTime;
+
+        if (!expiredTime) {
+            return true;
+        }
+        if (now >= expiredTime) {
+            return true;
+        }
+
+        // 전략 1: 고정 버퍼 (5분 전에 refresh)
+        const bufferTime = 5 * 60 * 1000;
+        if (now >= expiredTime - bufferTime) {
+            return true;
+        }
+
+        // 전략 2: 토큰 수명의 75% 지점에서 refresh
+        if (issuedTime) {
+            const tokenLifetime = expiredTime - issuedTime;
+            const refreshThreshold = issuedTime + tokenLifetime * 0.75;
+            if (now >= refreshThreshold) {
+                return true;
+            }
+        }
+
+        return false;
     }
 
     /**
@@ -103,6 +128,12 @@ export class AzureStorageService extends TokenStorageService {
 
         const expiredTime = this.calculateTokenExpiration(Expiration, identityToken);
         this.storage.setItem(`${this.prefix}.expired_time`, expiredTime.toString());
+
+        const issuedTime = this.calculateTokenIssuedTime(identityToken);
+        if (issuedTime) {
+            this.storage.setItem(`${this.prefix}.issued_time`, issuedTime.toString());
+        }
+
         return;
     }
 
diff --git a/src/token-storage/token-storage.service.ts b/src/token-storage/token-storage.service.ts
@@ -1,6 +1,6 @@
 import { CloudProvider, Storage, WebCoreConfig } from '../types';
 import { LocalStorageService } from '../utils';
-import { jwtDecode } from 'jwt-decode';
+import { jwtDecode, JwtPayload } from 'jwt-decode';
 
 export const USE_X_LEMON_IDENTITY_KEY = 'use_x_lemon_identity_key';
 export const USE_X_LEMON_LANGUAGE_KEY = 'use_x_lemon_language_key';
@@ -71,15 +71,15 @@ export abstract class TokenStorageService {
 
     calculateTokenExpiration(serverExpiration?: string, jwtToken?: string): number {
         const SAFETY_BUFFER = 5 * 60 * 1000; // 5 minutes
-        const FALLBACK_DURATION = 30 * 60 * 1000; // 30 minutes
+        const FALLBACK_DURATION = 15 * 60 * 1000; // 15 minutes
 
         if (serverExpiration) {
             return new Date(serverExpiration).getTime() - SAFETY_BUFFER;
         }
 
         if (jwtToken) {
             try {
-                const jwtExpiration = this.extractJWTExpiration(jwtToken);
+                const jwtExpiration = this.extractJWT(jwtToken)?.exp || null;
                 if (jwtExpiration) {
                     return jwtExpiration * 1000 - SAFETY_BUFFER; // JWT exp is in seconds
                 }
@@ -92,10 +92,25 @@ export abstract class TokenStorageService {
         return new Date().getTime() + FALLBACK_DURATION;
     }
 
-    extractJWTExpiration(jwt: string): number | null {
+    calculateTokenIssuedTime(jwtToken?: string): number | null {
+        if (jwtToken) {
+            try {
+                const jwtIssuedAt = this.extractJWT(jwtToken)?.iat || null;
+                if (jwtIssuedAt) {
+                    return jwtIssuedAt * 1000;
+                }
+            } catch (error) {
+                console.warn('Failed to parse JWT expiration:', error);
+                return null;
+            }
+        }
+
+        return null;
+    }
+
+    extractJWT(jwt: string): JwtPayload | null {
         try {
-            const decoded = jwtDecode(jwt);
-            return decoded.exp || null;
+            return jwtDecode(jwt);
         } catch {
             return null;
         }
