delete expired token cookies

lib/oauth3.js

@@ -22,6 +22,10 @@ function generateRescope(req, Models, decoded, fullPpid, ppid) {
       if (!result || !result.sub || !decoded.iss) {
         // XXX BUG XXX TODO swap this external ppid for an internal (and ask user to link with existing profile)
         //req.oauth3.accountIdx = fullPpid;
+        console.log(decoded);
+        console.log(decoded.iss);
+        console.log(fullPpid);
+        console.log(ppid);
         throw new Error("internal / external ID swapping not yet implemented. TODO: "
           + "No profile found with that credential. Would you like to create a new profile or link to an existing profile?");
       }
@@ -198,6 +202,14 @@ function verifyToken(token) {
     try {
       return jwt.verify(token, require('jwk-to-pem')(res.data), opts);
     } catch (err) {
+      if ('TokenExpiredError' === err.code) {
+        return PromiseA.reject({
+          message: 'TokenExpiredError: jwt expired'
+        , code: 'E_TOKEN_EXPIRED'
+        , url: 'https://oauth3.org/docs/errors#E_TOKEN_EXPIRED'
+        });
+      }
+
       return PromiseA.reject({
         message: 'token verification failed'
       , code: 'E_INVALID_TOKEN'
@@ -220,7 +232,8 @@ function deepFreeze(obj) {
 function cookieOauth3(Models, req, res, next) {
   req.oauth3 = {};
 
-  var token = req.cookies.jwt;
+  var cookieName = 'jwt';
+  var token = req.cookies[cookieName];
 
   req.oauth3.encodedToken = token;
   req.oauth3.verifyAsync = function (jwt) {
@@ -251,6 +264,11 @@ function cookieOauth3(Models, req, res, next) {
       next();
       return;
     }
+    if ('E_TOKEN_EXPIRED' === err.code) {
+      res.clearCookie(cookieName);
+      next();
+      return;
+    }
     console.error('[walnut] cookie lib/oauth3 error:');
     console.error(err);
     res.send(err);