Fix bug refresh token and sign out

controllers/saml2/saml2.js

@@ -14,7 +14,7 @@ const config_attributes_representative = Object.keys(
 
 // Create identity provider
 const idp_options = {
-  sso_login_url: config.eidas.node_host,
+  sso_login_url: config.eidas.node_host || config.eidas.idp_host, // config.eidas.idp_host should be deprectated
   sso_logout_url: 'https://' + config.eidas.gateway_host + '/saml2/logout',
   certificates: [],
 };
@@ -302,7 +302,7 @@ exports.login = function(req, res) {
   delete req.body.password;
   delete req.query;
 
-  res.redirect(307, config.eidas.node_host);
+  res.redirect(307, config.eidas.node_host || config.eidas.idp_host); // config.eidas.idp_host should be deprectated
 };
 
 // POST /idm/applications/:application_id/saml2/login -- Response from eIDAs with user credentials

models/model_oauth_server.js

@@ -358,24 +358,25 @@ function storeToken(token, client, identity, jwt) {
     }
   }
 
-  return Promise.all([
-    token.refreshToken
-      ? oauth_refresh_token.create({
-          // no refresh token for client_credentials
-          refresh_token: token.refreshToken,
-          expires: token.refreshTokenExpiresAt,
-          valid: true,
-          oauth_client_id: client.id,
-          user_id,
-          iot_id,
-          authorization_code: token.authorizationCode
-            ? token.authorizationCode
-            : null,
-          scope: token.scope,
-        })
-      : [],
-    !jwt
-      ? oauth_access_token.create({
+  let refresh_token_promise = token.refreshToken
+    ? oauth_refresh_token.create({
+        // no refresh token for client_credentials
+        refresh_token: token.refreshToken,
+        expires: token.refreshTokenExpiresAt,
+        valid: true,
+        oauth_client_id: client.id,
+        user_id,
+        iot_id,
+        authorization_code: token.authorizationCode
+          ? token.authorizationCode
+          : null,
+        scope: token.scope,
+      })
+    : Promise.resolve();
+
+  let access_token_promise = !jwt
+    ? refresh_token_promise.then(
+        oauth_access_token.create({
           access_token: token.accessToken,
           expires: token.accessTokenExpiresAt,
           valid: true,
@@ -388,7 +389,10 @@ function storeToken(token, client, identity, jwt) {
             : null,
           scope: token.scope === 'all' ? null : token.scope,
         })
-      : [],
+      )
+    : [];
+
+  let user_autho_app_promise =
     user_id && config_oauth2.ask_authorization
       ? user_authorized_application.findOrCreate({
           // User has enable application to read their information
@@ -398,8 +402,9 @@ function storeToken(token, client, identity, jwt) {
             oauth_client_id: client.id,
           },
         })
-      : [],
-  ])
+      : [];
+
+  return Promise.all([access_token_promise, user_autho_app_promise])
     .then(function() {
       if (user_id || iot_id) {
         token[identity.dataValues.type] = identity.dataValues.type;

routes/web/authenticate.js

@@ -24,10 +24,6 @@ router.delete(
   web_session_controller.login_required,
   web_session_controller.destroy
 );
-router.delete(
-  '/external_logout',
-  web_session_controller.login_required,
-  web_session_controller.external_destroy
-);
+router.delete('/external_logout', web_session_controller.external_destroy);
 
 module.exports = router;