From 5e10e1893d2998723559766964a6b64aa89eda18 Mon Sep 17 00:00:00 2001
From: AJ ONeal <aj@daplie.com>
Date: Wed, 24 May 2017 08:48:07 +0000
Subject: [PATCH 1/2] remove moot session var

---
 oauth3.core.js | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/oauth3.core.js b/oauth3.core.js
index 93f3b9a..e75fd76 100644
--- a/oauth3.core.js
+++ b/oauth3.core.js
@@ -1139,7 +1139,6 @@
 
         return OAUTH3.implicitGrant(me._providerDirectives, opts).then(function (session) {
           me._session = true;
-          me.__session = session;
           return session;
         });
       }
@@ -1163,7 +1162,6 @@
         return OAUTH3.request(preq, opts);
       }
     , logout: function (opts) {
-        this.__session = false;
         this._session = false;
         opts = opts || {};
         opts.client_uri = this._clientUri;
@@ -1175,7 +1173,7 @@
     , api: function (api, opts) {
         opts = opts || {};
         opts.api = api;
-        opts.session = this.__session || OAUTH3.hooks.session._getCached(this._providerUri);
+        opts.session = OAUTH3.hooks.session._getCached(this._providerUri);
 
         return OAUTH3.api(this._providerUri, opts);
       }

From 372f633625d6a2f294c787941defeccc087a2a70 Mon Sep 17 00:00:00 2001
From: AJ ONeal <aj@daplie.com>
Date: Wed, 24 May 2017 08:57:52 +0000
Subject: [PATCH 2/2] allow ppid from accounts token

---
 oauth3.core.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/oauth3.core.js b/oauth3.core.js
index a2023f6..ea00f3d 100644
--- a/oauth3.core.js
+++ b/oauth3.core.js
@@ -485,14 +485,18 @@
           oldSession.token = OAUTH3.jwt.decode(oldSession.access_token).payload;
 
           oldSession.token.sub = oldSession.token.sub || (oldSession.token.acx||{}).id
-            || ((oldSession.token.axs||[])[0]||{}).id;
+            || ((oldSession.token.axs||[])[0]||{}).appScopedId
+            || ((oldSession.token.axs||[])[0]||{}).id
+            ;
           oldSession.token.client_uri = clientUri;
           oldSession.token.provider_uri = providerUri;
 
           if (oldSession.refresh_token) {
             oldSession.refresh = OAUTH3.jwt.decode(oldSession.refresh_token).payload;
             oldSession.refresh.sub = oldSession.refresh.sub || (oldSession.refresh.acx||{}).id
-              || ((oldSession.refresh.axs||[])[0]||{}).id;
+              || ((oldSession.refresh.axs||[])[0]||{}).appScopedId
+              || ((oldSession.refresh.axs||[])[0]||{}).id
+              ;
             oldSession.refresh.provider_uri = providerUri;
           }