From 12a966377b6f40efbf9ad525068131b1cd5eee89 Mon Sep 17 00:00:00 2001
From: Daniel Rivers
Date: Thu, 3 Oct 2024 01:29:49 +0100
Subject: [PATCH] fix(v1): remove api token from cookies
---
 src/api-client.js | 34 +++++++++++++++-------------------
 1 file changed, 15 insertions(+), 19 deletions(-)
diff --git a/src/api-client.js b/src/api-client.js
index 063ba562..d88c243d 100644
--- a/src/api-client.js
+++ b/src/api-client.js
@@ -29,25 +29,21 @@ export const createKindeManagementAPIClient = async (req, res) => {
 let apiToken = null;
 const store = sessionManager(req, res);
- const tokenFromCookie = store.getSessionItem('kinde_api_access_token');
- if (isTokenValid(tokenFromCookie)) {
- apiToken = tokenFromCookie;
- } else {
- const response = await fetch(`${config.issuerURL}/oauth2/token`, {
- method: 'POST',
- headers: {
- 'content-type': 'application/x-www-form-urlencoded'
- },
- body: new URLSearchParams({
- grant_type: 'client_credentials',
- client_id: config.clientID,
- client_secret: config.clientSecret,
- audience: config.audience
- })
- });
- apiToken = (await response.json()).access_token;
- store.setSessionItem('kinde_api_access_token', apiToken);
- }
+ store.removeSessionItem('kinde_api_access_token');
+
+ const response = await fetch(`${config.issuerURL}/oauth2/token`, {
+ method: 'POST',
+ headers: {
+ 'content-type': 'application/x-www-form-urlencoded'
+ },
+ body: new URLSearchParams({
+ grant_type: 'client_credentials',
+ client_id: config.clientID,
+ client_secret: config.clientSecret,
+ audience: config.audience
+ })
+ });
+ apiToken = (await response.json()).access_token;
 const cfg = new Configuration({
 basePath: config.issuerURL,
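Review bot: The token request that now runs on every call is used without checking its outcome: `apiToken = (await response.json()).access_token;` yields `undefined` when the issuer answers with an error body, and that value is then carried towards the client built at `new Configuration({` (the rest of createKindeManagementAPIClient is outside the hunk, so how the token is consumed is inferred). A guard before the parse, for example `if (!response.ok) throw new Error('Kinde token request failed: ' + response.status);`, plus a check that `access_token` is a non-empty string, would make the failure explicit without putting the response body into logs. With the cookie cache gone, every call also sends `client_secret` to `/oauth2/token`; if that load matters, a server-side in-memory cache keyed on the token's expiry would avoid the round trip while still keeping the management token out of the browser. Tokens already written to `kinde_api_access_token` in existing sessions remain usable until they expire and are only cleared when this function next runs for that session, so a comment above `store.removeSessionItem(...)` such as `// clears the management token that older versions stored in the session cookie` would explain why the call is there.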