From 6b54acfa7eb650defd7e2e7e83e0c0c0043d4241 Mon Sep 17 00:00:00 2001
From: tippexs <tippexs91@googlemail.com>
Date: Wed, 8 Dec 2021 14:53:30 +0100
Subject: [PATCH] Check if refresh token is undefined and do not store it in
 this case

---
 internal/configs/oidc/openid_connect.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/internal/configs/oidc/openid_connect.js b/internal/configs/oidc/openid_connect.js
index 2d9fabaad2..db0f33d837 100644
--- a/internal/configs/oidc/openid_connect.js
+++ b/internal/configs/oidc/openid_connect.js
@@ -83,7 +83,8 @@ function auth(r) {
                         r.variables.session_jwt = tokenset.id_token; // Update key-value store
 
                         // Update refresh token (if we got a new one)
-                        if (r.variables.refresh_token != tokenset.refresh_token) {
+                        // 12.2021 - In rare cases the IdP does not include the refresh-token in the response. The rt will be undefined in this case.
+                        if (r.variables.refresh_token != tokenset.refresh_token && tokenset.refresh_token != undefined) {
                             r.log("OIDC replacing previous refresh token (" + r.variables.refresh_token + ") with new value: " + tokenset.refresh_token);
                             r.variables.refresh_token = tokenset.refresh_token; // Update key-value store
                         }