note the need for limitations on refresh token

AJ ONeal 2017-03-16 17:23:19 -04:00
parent 356a2d3131
commit 02bb01fdf4
1 changed files with 11 additions and 0 deletions


@ -420,6 +420,17 @@ OAUTH3.authz.redirectWithToken = function (providerUri, session, clientParams, s
, debug: clientParams.debug
}).then(function (results) {
// TODO limit refresh token to an expirable token
// TODO inform client not to persist token
/*
if (clientParams.dnsTxt) {
Object.keys(results).forEach(function (key) {
if (/refresh/.test(key)) {
results[key] = undefined;
}
});
}
*/
OAUTH3.url.redirect(clientParams, scopes, results);
});
}
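Review bot: The refresh-token filter in the `.then` callback is added only as a commented-out block, so every key in `results`, including any refresh token, is still passed to `OAUTH3.url.redirect` exactly as before. If the block is enabled later, `results[key] = undefined;` should become `delete results[key];`, because whether an undefined-valued key is left out of the redirect depends on how `OAUTH3.url.redirect` serializes `results`, which this hunk does not show. The gate `clientParams.dnsTxt` appears to come from client-supplied parameters, so confirm it is verified on the provider side before it decides which tokens are returned. I would also replace the dead code with a TODO that states the rule, e.g. `// TODO(security): never return a long-lived refresh token in the redirect; issue an expiring token and tell the client not to persist it`. The enclosing `OAUTH3.authz.redirectWithToken` starts outside the hunk.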