-
Type:
Bug
-
Resolution: Done
-
Priority:
Major
-
Affects Version/s: COmanage Registry 4.4.0 (Sparkling Summit)
-
Component/s: Registry
-
None
The obtainToken() function for the Oauth2Server model includes the code
// We shouldn't have a new refresh token on a refresh_token grant
|
// (which just gets us a new access token).
|
if($grantType != 'refresh_token') { |
$data['refresh_token'] = $json->refresh_token; |
}
|
There is no protocol requirement that a refresh token be returned so there should be a test to see if the returned JSON has a refresh token before trying to assign it to $data['refresh_token'].
As a concrete example, the login.microsoftonline.com OAuth2 server with a client credential grant does not return a refresh token.
- is related to
-
CO-2857 OAuth2Server method determine access token expired
-
- Resolved
-