Bill McCord

Every time I refresh tokens on the OAuth library I'm using I get a new refresh token. Is that not standard? On Jan 31, 2015 1:48 AM, "Jim Cote" [email protected]...

Jim, thanks for posting the gist. That was helpful, but unless I'm misunderstanding something I think there are still cases where the token could be lost. Consider the following and...

Jim, unfortunately, this does not seem to be the case. I built a test based on the tests included with oauth2 here: https://gist.github.com/billmccord/4247b0c4d2a6b5a4d09f You can see from my gist that...

Thanks for validating this. The OAuth provider I'm calling uses a library that always generates a new refresh_token and there isn't an option to not do this yet. Since it...

Yes. You can see here that issue_refresh_token is hard-coded to true for the refresh_token grant_type: https://github.com/FriendsOfSymfony/oauth2-php/blob/b0e57e17c84175a51af01cef7bbb2961261c84ad/lib/OAuth2.php#L840-L842

Two points: 1) I'm not clear on how it isn't compliant with the OAuth 2.0 spec when the spec specifically says in section 1.5 (emphasis, mine): " (H) The authorization...

Jim, thanks, that seems to validate that the bug lies with this project because it doesn't provide a mechanism for obtaining the new refresh_token in situations where the refresh_token is...