Why get access token for 2 times if it is expired? #328

Closed
jugyo opened this Issue May 17, 2011 · 3 comments

2 participants

@jugyo

Why get access token for 2 times if it is expired?
And it seems a bug that the variable 'verifier' is not defined this context.

See: https://github.com/intridea/omniauth/blob/master/oa-oauth/lib/omniauth/strategies/oauth2.rb#L69-75

@mbleigh mbleigh pushed a commit that closed this issue May 17, 2011
Michael Bleigh Make verifier a method so it won't be undefined when getting a refres…
…h token. Closes #328
212acb5
@mbleigh mbleigh closed this in 212acb5 May 17, 2011
@mbleigh
INTRIDEA Inc. member

It does that because if the access token is expired it can't be used to fetch user data, so it instead uses the provided refresh token to renew the access token. It's a bit of an oddity about the OAuth2 spec but is correct. I fixed the verifier undefined problem.

@jugyo

It seems that the fix is wrong. Because It causes a failure using the 'verification_code' for twice.
New access token would be taken at request for refresh token. So It would be unnecessarily to get access token again.

@jugyo

I have opened a pull request. Please see it.
#331
Cheers!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment