fix(oidc): correctly return new refresh token on refresh token grant (#…

…7707) * fix(oidc): correctly return new refresh token on refresh token grant * fix import
zitadel · Apr 4, 2024 · 29ad51b · 29ad51b
1 parent a988b9c
commit 29ad51b
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/internal/api/oidc/token_exchange_integration_test.go b/internal/api/oidc/token_exchange_integration_test.go
@@ -15,14 +15,14 @@ import (
 	"github.com/zitadel/oidc/v3/pkg/client/tokenexchange"
 	"github.com/zitadel/oidc/v3/pkg/crypto"
 	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/proto"
 
 	oidc_api "github.com/zitadel/zitadel/internal/api/oidc"
 	"github.com/zitadel/zitadel/internal/integration"
 	"github.com/zitadel/zitadel/pkg/grpc/admin"
 	feature "github.com/zitadel/zitadel/pkg/grpc/feature/v2beta"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-	"google.golang.org/protobuf/proto"
 )
 
 func setTokenExchangeFeature(t *testing.T, value bool) {
@@ -107,6 +107,7 @@ func refreshTokenVerifier(ctx context.Context, provider rp.RelyingParty, subject
 			require.NotNil(t, tokens.IDTokenClaims.Actor)
 			assert.Equal(t, actorSubject, tokens.IDTokenClaims.Actor.Subject)
 		}
+		assert.NotEmpty(t, tokens.RefreshToken)
 	}
 }
 

diff --git a/internal/command/user_human_refresh_token.go b/internal/command/user_human_refresh_token.go
@@ -99,7 +99,7 @@ func (c *Commands) RenewRefreshTokenAndAccessToken(
 	if err != nil {
 		return nil, "", err
 	}
-	return accessToken, newRefreshToken, nil
+	return accessToken, renewed.token, nil
 }
 
 func (c *Commands) RevokeRefreshToken(ctx context.Context, userID, orgID, tokenID string) (*domain.ObjectDetails, error) {