From c32f2e9df848d80cf237cbc277cd76cb9cc10658 Mon Sep 17 00:00:00 2001
From: Philip Colmer <philip.colmer@linaro.org>
Date: Wed, 13 Nov 2024 13:31:58 +0000
Subject: [PATCH] Get biscuit from JWT

---
 auth.config.ts | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/auth.config.ts b/auth.config.ts
index 199d37f6..e53d7413 100644
--- a/auth.config.ts
+++ b/auth.config.ts
@@ -24,6 +24,20 @@ function getPublicKeys() {
   });
 }
 
+async function getBiscuitFromJWT(accessToken: string) {
+  const res = await fetch(`${AUTH_API_URL}/session`, {
+    headers: {
+      Authorization: `Bearer ${accessToken}`
+    }
+  });
+  const resJson = await res.json();
+  if (!res.ok || !resJson) {
+    console.log(resJson);
+    throw new Error("failed to fetch biscuit from session");
+  }
+  return resJson.biscuit.token;
+}
+
 async function afterToken(accessToken: string) {
   // fetch biscuit public keys
   const res = await getPublicKeys();
@@ -107,11 +121,12 @@ export default defineConfig({
       // this is only run after sign in
       if (account) {
         try {
+          let biscuit = await getBiscuitFromJWT(account.access_token!);
           const { profile, public_keys } = await afterToken(
-            account.access_token!
+            biscuit
           );
           return {
-            access_token: account.access_token,
+            access_token: biscuit,
             // refresh_token: account.refresh_token,
             expires_at: account.expires_at,
             public_keys,