oauth2-auth-code-pkce icon indicating copy to clipboard operation
oauth2-auth-code-pkce copied to clipboard
verified publisher icon BitySA

Bug: mishandled `extraRefreshParams`

Open chasecaleb opened this issue 4 years ago • 1 comments

If extraRefreshParams are provided, then the grant_type, refresh_token, and client_id are no longer sent.

Permalink to bug in master: https://github.com/BitySA/oauth2-auth-code-pkce/blob/89f3893ba6a2a5d4fa9da6b4476efd8d1cd6dca5/index.ts#L388-L390

I think this should actually be (untested):

 if (extraRefreshParams) { 
   body = `${body}&${OAuth2AuthCodePKCE.objectToQueryString(extraRefreshParams)}` 
 }

chasecaleb avatar Oct 29 '21 16:10 chasecaleb

Thanks @chasecaleb !

lf94 avatar Feb 14 '22 16:02 lf94