bugfix: refresh session and assign sub from sub, acs.id, or axs[0].appScopedId

2017-03-22 20:13:06 -04:00 · 2017-03-22 20:13:06 -04:00 · abb788780d
parent 02bb01fdf4
commit abb788780d
2 changed files with 9 additions and 3 deletions
--- a/oauth3.core.js
+++ b/oauth3.core.js
@ -445,13 +445,19 @@
          // info about the newly-discovered token
          oldSession.token = OAUTH3.jwt.decode(oldSession.access_token).payload;

-          oldSession.token.sub = oldSession.token.sub || oldSession.token.acx.id;
+          oldSession.token.sub = oldSession.token.sub
+            || (oldSession.token.acx && oldSession.token.acx.id)
+            || (oldSession.token.axs && oldSession.token.axs[0] && oldSession.token.axs[0].appScopedId)
+            ;
          oldSession.token.client_uri = clientUri;
          oldSession.token.provider_uri = providerUri;

          if (oldSession.refresh_token) {
            oldSession.refresh = OAUTH3.jwt.decode(oldSession.refresh_token).payload;
-            oldSession.refresh.sub = oldSession.refresh.sub || oldSession.refresh.acx.id;
+            oldSession.refresh.sub = oldSession.refresh.sub
+              || (oldSession.refresh.acx && oldSession.refresh.acx.id)
+              || (oldSession.refresh.axs && oldSession.refresh.axs[0] && oldSession.refresh.axs[0].appScopedId)
+              ;
            oldSession.refresh.provider_uri = providerUri;
          }

--- a/oauth3.issuer.js
+++ b/oauth3.issuer.js
@ -207,7 +207,7 @@ OAUTH3.urls.grants = function (directive, opts) {

  var url = OAUTH3.url.resolve(directive.issuer, directive.grants.url)
    .replace(/(:azp|:client_id)/g, OAUTH3.uri.normalize(opts.client_id || opts.client_uri))
-    .replace(/(:sub|:account_id)/g, opts.session.token.sub)
+    .replace(/(:sub|:account_id)/g, opts.session.token.sub || 'ISSUER:GRANT:TOKEN_SUB:UNDEFINED')
    ;
  var data = {
    client_id: opts.client_id