Insomnia: [Bug] Refresh token is null after one usage
Insomnia currently does not maintain the refresh token after its usage, if response for a new access token request does not include one. As in: Refreshing Access Tokens
mths0x5f
All 4 comments
馃憢 Thanks for opening your first issue! If you're reporting a 馃悶 bug, please make sure
you include steps to reproduce it. If you're requesting a feature 馃巵, please provide real
use cases that would benefit. 馃應
To help make this a smooth process, please be sure you have first read the
contributing guidelines.
![welcome[bot] picture](https://avatars0.githubusercontent.com/in/4141?v=4&s=40)
welcome[bot]
on 10 May 2019
I'm not motivated to fork to propose such a little commit... but from what I've read, I think that between lines 76 and 78,
https://github.com/getinsomnia/insomnia/blob/4a50ad149682f6facd9504d4d3c3732516385f6f/packages/insomnia-app/app/network/o-auth-2/refresh-token.js#L75-L78
would just suffice to put a conditional like:
if (results[c.P_REFRESH_TOKEN] === null) {
results[c.P_REFRESH_TOKEN] = refreshToken;
}
Thanks for reporting this!
I just took a look at the OAuth 2.0 RFC and can confirm that issuing a new refresh token is optional:
The authorization server MAY issue a new refresh token, in which case the client MUST discard the old refresh token and replace it with the new refresh token. The authorization server MAY revoke the old refresh token after issuing a new refresh token to the client. If a new refresh token is issued, the refresh token scope MUST be identical to that of the refresh token included by the client in the request.
I'll get this fixed!
gschier
on 10 May 2019
WOW! That's what I call a fast response. Thank you for this, Insomnia is awesome!
mths0x5f
on 10 May 2019
Related issues
isobit
路
3Comments
Fyb3roptik
路
4Comments
paulleduc
路
4Comments
wimdecorte
路
3Comments
meixger
路
3Comments
Most helpful comment
WOW! That's what I call a fast response. Thank you for this, Insomnia is awesome!