Why get access token for 2 times if it is expired? #328

jugyo opened this Issue May 17, 2011 · 3 comments

2 participants


Why get access token for 2 times if it is expired?
And it seems a bug that the variable 'verifier' is not defined this context.

See: https://github.com/intridea/omniauth/blob/master/oa-oauth/lib/omniauth/strategies/oauth2.rb#L69-75

@mbleigh mbleigh pushed a commit that closed this issue May 17, 2011
Michael Bleigh Make verifier a method so it won't be undefined when getting a refres…
…h token. Closes #328
@mbleigh mbleigh closed this in 212acb5 May 17, 2011
INTRIDEA Inc. member

It does that because if the access token is expired it can't be used to fetch user data, so it instead uses the provided refresh token to renew the access token. It's a bit of an oddity about the OAuth2 spec but is correct. I fixed the verifier undefined problem.


It seems that the fix is wrong. Because It causes a failure using the 'verification_code' for twice.
New access token would be taken at request for refresh token. So It would be unnecessarily to get access token again.


I have opened a pull request. Please see it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment