Refresh_token should not be included in Client Credentials Grant #174

Closed
visvk opened this issue Apr 24, 2015 · 3 comments
@visvk
Contributor

visvk commented Apr 24, 2015

A refresh_token is being returned when using the Client Credentials Grant.

It should probably be removed from this grant type to better adhere to http://tools.ietf.org/html/rfc6749#section-4.4.3

4.4.3.  Access Token Response

   If the access token request is valid and authorized, the
   authorization server issues an access token as described in
   Section 5.1.  A refresh token SHOULD NOT be included.
@thomseddon
Member

👍 Good spot

@thomseddon thomseddon added this to the 3.0.0 milestone May 10, 2015
@thomseddon thomseddon added the bug label May 10, 2015
@CrisFavero

+1
Additionally, it would be nice for generateRefreshToken to allow for optionally not including a refreshToken. Perhaps rather than checking for falsey using !token in token.js, it could specifically check if it is false rather than null.

@facultymatt

Getting the same failure here.

I've configured my app to use all 4 grant types. However, in cases where I use client credentials and don't want a refresh token, the below check doesn't work (since this.config.grants does contain refresh token).

if (this.config.grants.indexOf('refresh_token') === -1) return done();

It would make sense to check both this.config.grants AND the current method.

@visvk visvk mentioned this issue Jan 8, 2016
nunofgs added a commit to seegno-forks/node-oauth2-server that referenced this issue Jan 10, 2016
lfk referenced this issue in seegno-forks/node-oauth2-server Jan 30, 2016
nunofgs added a commit to seegno-forks/node-oauth2-server that referenced this issue Feb 4, 2016
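
The per-request check suggested in the comments above, as an added example that is not node-oauth2-server's own code: the refresh token decision looks at both the configured grants and the grant type of the current request, and a generator hook that returns exactly `false` opts out while `null` falls back to a default. The function names, the option names and the `GRANTS` list are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// RFC 6749 section 4.4.3, client credentials grant:
// "A refresh token SHOULD NOT be included."
const NO_REFRESH_GRANTS = new Set(['client_credentials']);

// Hypothetical helper: decide per request, not only per server configuration.
function shouldIssueRefreshToken(configuredGrants, grantType) {
  if (!configuredGrants.includes('refresh_token')) return false;
  return !NO_REFRESH_GRANTS.has(grantType);
}

// Hypothetical default generator: 32 random bytes, hex encoded.
function randomToken() {
  return crypto.randomBytes(32).toString('hex');
}

// Hypothetical response builder. `generateRefreshToken` is an optional hook:
// a return value of exactly `false` means "issue no refresh token", while
// null/undefined means "use the default generator".
function buildTokenResponse(opts) {
  const { configuredGrants, grantType, generateRefreshToken, lifetime = 3600 } = opts;
  const response = {
    token_type: 'bearer',
    access_token: randomToken(),
    expires_in: lifetime,
  };
  if (!shouldIssueRefreshToken(configuredGrants, grantType)) return response;

  const custom = generateRefreshToken ? generateRefreshToken(grantType) : null;
  if (custom === false) return response; // explicit opt-out, distinct from null
  response.refresh_token = custom == null ? randomToken() : custom;
  return response;
}

// Constructed configuration: all four grant types enabled, as in the report.
const GRANTS = ['authorization_code', 'password', 'client_credentials', 'refresh_token'];
```

With `GRANTS` as the configuration, a `client_credentials` request yields a response without `refresh_token`, while a `password` request still receives one.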