refresh_token deleted from response #185

Closed
jozsi opened this Issue Mar 3, 2014 · 1 comment

Comments

Projects
None yet
2 participants

jozsi commented Mar 3, 2014

See https://github.com/ciaranj/node-oauth/blob/master/lib/oauth2.js#L179

  this._request("POST", this._getAccessTokenUrl(), post_headers, post_data, null, function(error, data, response) {
      // ...sniff...
      results= JSON.parse( data );
      var access_token= results["access_token"];
      var refresh_token= results["refresh_token"];
      delete results["refresh_token"]; // <- Line 179
      callback(null, access_token, refresh_token, results); // callback results =-=

The refresh_token is deleted from the results. Is there a specific reason for that? You need to pass the full results to some API's. As a workaround, I am appending the refresh_token back to the results object.

Owner

ciaranj commented May 21, 2014

Hmm, decision lost in the mists of time, presumably, I was being super-careful, as refresh-tokens are 'more' powerful than access_tokens, I've left it up to the client consumer to decide what to do with the refresh_token, rather than have it pass around in the results hash :/

@ciaranj ciaranj closed this May 21, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment