fix(oauth2): refresh token is optional (#26266) (#26271)

Don't overwrite refresh_token with an empty string, if no new refresh_token is received (i.e. the old one is still valid). Ref: https://www.rfc-editor.org/rfc/rfc6749#section-5.1 (cherry picked from commit 42be145) Co-authored-by: Raffael Meyer <14891507+barredterra@users.noreply.github.com>
frappe · May 1, 2024 · d6603c6 · d6603c6
1 parent b8527ca
commit d6603c6
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/frappe/integrations/doctype/token_cache/token_cache.py b/frappe/integrations/doctype/token_cache/token_cache.py
@@ -34,9 +34,11 @@ def update_data(self, data):
 
 		self.token_type = token_type
 		self.access_token = cstr(data.get("access_token", ""))
-		self.refresh_token = cstr(data.get("refresh_token", ""))
 		self.expires_in = cint(data.get("expires_in", 0))
 
+		if "refresh_token" in data:
+			self.refresh_token = cstr(data.get("refresh_token"))
+
 		new_scopes = data.get("scope")
 		if new_scopes:
 			if isinstance(new_scopes, str):