Why get access token for 2 times if it is expired?
And it seems a bug that the variable 'verifier' is not defined this context.
Make verifier a method so it won't be undefined when getting a refres…
…h token. Closes #328
It does that because if the access token is expired it can't be used to fetch user data, so it instead uses the provided refresh token to renew the access token. It's a bit of an oddity about the OAuth2 spec but is correct. I fixed the verifier undefined problem.
It seems that the fix is wrong. Because It causes a failure using the 'verification_code' for twice.
New access token would be taken at request for refresh token. So It would be unnecessarily to get access token again.
I have opened a pull request. Please see it.