fix: add scope to refresh tokens

adds scope to `exchangeRefreshToken` fixes authts#364
ncats · Feb 3, 2022 · 62bc823 · 62bc823
1 parent b7e885f
commit 62bc823
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 1 deletion.
diff --git a/src/OidcClient.test.ts b/src/OidcClient.test.ts
@@ -359,7 +359,9 @@ describe("OidcClient", () => {
             const tokenResponse = {
                 access_token: "new_access_token",
             };
-            jest.spyOn(subject["_tokenClient"], "exchangeRefreshToken").mockResolvedValue(tokenResponse);
+            const exchangeRefreshTokenMock =
+                jest.spyOn(subject["_tokenClient"], "exchangeRefreshToken")
+                    .mockResolvedValue(tokenResponse);
             jest.spyOn(JwtUtils, "decode").mockReturnValue({ sub: "sub" });
             const state = new RefreshState({
                 refresh_token: "refresh_token",
@@ -371,6 +373,10 @@ describe("OidcClient", () => {
             const response = await subject.useRefreshToken({ state });
 
             // assert
+            expect(exchangeRefreshTokenMock).toHaveBeenCalledWith( {
+                refresh_token: "refresh_token",
+                scope: "openid",
+            });
             expect(response).toBeInstanceOf(SigninResponse);
             expect(response).toMatchObject(tokenResponse);
             expect(response).toHaveProperty("scope", state.scope);

diff --git a/src/OidcClient.ts b/src/OidcClient.ts
@@ -167,6 +167,7 @@ export class OidcClient {
 
         const result = await this._tokenClient.exchangeRefreshToken({
             refresh_token: state.refresh_token,
+            scope: state.scope,
             timeoutInSeconds,
         });
         const response = new SigninResponse(new URLSearchParams());

diff --git a/src/TokenClient.ts b/src/TokenClient.ts
@@ -28,6 +28,7 @@ export interface ExchangeRefreshTokenArgs {
 
     grant_type?: string;
     refresh_token: string;
+    scope?: string;
 
     timeoutInSeconds?: number;
 }