coolaj86
/
oauth3.js
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

note the need for limitations on refresh token

This commit is contained in:
AJ ONeal 2017-03-16 17:23:19 -04:00
parent 356a2d3131
commit 02bb01fdf4
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
oauth3.issuer.js
View File

@ -420,6 +420,17 @@ OAUTH3.authz.redirectWithToken = function (providerUri, session, clientParams, s
, debug: clientParams.debug , debug: clientParams.debug
}).then(function (results) { }).then(function (results) {
// TODO limit refresh token to an expirable token
// TODO inform client not to persist token
/*
if (clientParams.dnsTxt) {
Object.keys(results).forEach(function (key) {
if (/refresh/.test(key)) {
results[key] = undefined;
}
});
}
*/
OAUTH3.url.redirect(clientParams, scopes, results); OAUTH3.url.redirect(clientParams, scopes, results);
}); });
} }