diff --git a/oauth3.core.js b/oauth3.core.js
index a9436e0..06aaf50 100644
--- a/oauth3.core.js
+++ b/oauth3.core.js
@@ -484,7 +484,8 @@
 // info about the newly-discovered token
 oldSession.token = OAUTH3.jwt.decode(oldSession.access_token).payload;
- oldSession.token.sub = oldSession.token.sub || (oldSession.token.acx||{}).id
+ oldSession.token.sub = oldSession.token.sub
+ || (oldSession.token.acx||{}).id
 || ((oldSession.token.axs||[])[0]||{}).appScopedId
 || ((oldSession.token.axs||[])[0]||{}).id
 ;
@@ -493,7 +494,8 @@
 if (oldSession.refresh_token) {
 oldSession.refresh = OAUTH3.jwt.decode(oldSession.refresh_token).payload;
- oldSession.refresh.sub = oldSession.refresh.sub || (oldSession.refresh.acx||{}).id
+ oldSession.refresh.sub = oldSession.refresh.sub
+ || (oldSession.refresh.acx||{}).id
 || ((oldSession.refresh.axs||[])[0]||{}).appScopedId
 || ((oldSession.refresh.axs||[])[0]||{}).id
 ;
diff --git a/oauth3.issuer.js b/oauth3.issuer.js
index 2d800ca..257a196 100644
--- a/oauth3.issuer.js
+++ b/oauth3.issuer.js
@@ -208,7 +208,7 @@ OAUTH3.urls.grants = function (directive, opts) {
 var url = OAUTH3.url.resolve(directive.api, directive.grants.url)
 .replace(/(:azp|:client_id)/g, OAUTH3.uri.normalize(opts.client_id || opts.client_uri))
- .replace(/(:sub|:account_id)/g, opts.session.token.sub)
+ .replace(/(:sub|:account_id)/g, opts.session.token.sub || 'ISSUER:GRANT:TOKEN_SUB:UNDEFINED')
 ;
 var data = {
 client_id: opts.client_id
@@ -425,6 +425,17 @@ OAUTH3.authz.redirectWithToken = function (providerUri, session, clientParams, s
 , debug: clientParams.debug
 }).then(function (results) {
+ // TODO limit refresh token to an expirable token
+ // TODO inform client not to persist token
+ /*
+ if (clientParams.dnsTxt) {
+ Object.keys(results).forEach(function (key) {
+ if (/refresh/.test(key)) {
+ results[key] = undefined;
+ }
+ });
+ }
+ */
 OAUTH3.url.redirect(clientParams, scopes, results);
 });
 }
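Review bot: The added `|| 'ISSUER:GRANT:TOKEN_SUB:UNDEFINED'` fallback in OAUTH3.urls.grants turns a missing `sub` into a request against a URL built from a sentinel string, so a session without a subject now produces a confusing remote error (or a request to a nonexistent resource) instead of failing at the call site. A guard before the `var url = ...` chain would make the precondition explicit: `if (!opts.session.token.sub) { throw new Error("OAUTH3.urls.grants: session token has no 'sub'"); }`. Note also that `:azp`/`:client_id` goes through `OAUTH3.uri.normalize` while `sub` is spliced into the path raw; if `sub` can contain URL-reserved characters it should be passed through `encodeURIComponent` (I cannot tell from this hunk what shape `sub` takes). The function begins and ends outside the hunk.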
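Review bot: The commented-out block in the `.then` callback of OAUTH3.authz.redirectWithToken is dead code that should either be enabled or removed, with the intent kept as a tracked item such as `// TODO(owner): strip refresh_* keys from results before OAUTH3.url.redirect when clientParams.dnsTxt is set, so the refresh token is not handed out via the redirect`. If it is later enabled, `results[key] = undefined` may not be equivalent to omitting the key, depending on how `OAUTH3.url.redirect` serializes `results` (not visible here); `delete results[key]` avoids that ambiguity. The two TODO comments above it describe the security concern the current code leaves open, namely that every key in `results` is forwarded to the client redirect as-is; the function's signature is outside the hunk.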