The RefreshToken strategy checks if a revoked token has been passed in (line 78); however, it seems to cause a CaseClauseError in the `issue_access_token_by_refresh_token` function (line 62). We do not have a test case for revoked tokens in refresh_token_test.exs, so is this a valid test case? Or are we relying on the plugs to guard against revoked tokens making their way into the app?
Application Code

```elixir
defmodule MyApp.Accounts.RefreshToken do
  alias MyApp.Accounts.Services.Applications
  alias ExOauth2Provider.Token
  alias ExOauth2Provider.OauthAccessTokens.OauthAccessToken

  def call(%OauthAccessToken{} = token) do
    with {:ok, app} <- Applications.default_application(),
         {:ok, access_token} <- refresh_access_token(app, token)
    do
      {:ok, access_token}
    else
      {:error, error, _status} -> {:error, error}
      _ -> {:error, "Something went wrong"}
    end
  end

  def call(_), do: {:error, "Invalid arguments"}

  defp refresh_access_token(app, token) do
    %{
      "grant_type" => "refresh_token",
      "client_id" => app.uid,
      "client_secret" => app.secret,
      "refresh_token" => token.refresh_token
    } |> Token.grant()
  end
end
```
Test Case

```elixir
test "with revoked token returns error tuple" do
  user = insert(:user)
  oauth_application = create_default_oauth_application()

  revoked_attrs = %{
    revoked_at: NaiveDateTime.utc_now(),
    resource_owner: user,
    application: oauth_application
  }

  revoked_token = insert(:oauth_access_token, revoked_attrs)
  {:error, message} = RefreshToken.call(revoked_token)
end
```
Stack trace

```
(CaseClauseError) no case clause matching: {:ok, {:error, {:error, %{error: :invalid_request, error_description: "The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed."}, :bad_request}}}
code: {:error, message} = RefreshToken.call(revoked_token)
stacktrace:
  (ex_oauth2_provider) lib/ex_oauth2_provider/oauth2/token/strategy/refresh_token.ex:62: ExOauth2Provider.Token.RefreshToken.issue_access_token_by_refresh_token/1
  (ex_oauth2_provider) lib/ex_oauth2_provider/oauth2/token/strategy/refresh_token.ex:31: ExOauth2Provider.Token.RefreshToken.grant/1
  (myapp) lib/myapp/accounts/refresh_token.ex:8: MyApp.Accounts.RefreshToken.call/1
  test/lib/myapp/accounts/refresh_token_test.exs:33: (test)
```
Yeah, there's some code there that doesn't make sense. Could you try using #19 and see if it works for you? I see a lot of room to refactor this and make the flow clearer. When you confirm that this resolves the issue, I'll redo the code and release v0.2.2.