oauth2: fixes tokenRefresher.Token() ignores new refresh_token

Fixes bug documented in Issue #84 (https://github.com/golang/oauth2/issues/84#issuecomment-72711375). During a refresh request, a new refresh token MAY be returned by the authorization server. When this occurs, tokenRefesher.Token() fails to capture the new refresh token leaving it with an invalid refresh token for future calls. Change-Id: I33b18fdbb750549174865f75eddf85b9725cf281 Reviewed-on: https://go-review.googlesource.com/4151 Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-02-05 14:58:01 -05:00
parent 6f28996586
commit cc2494a288
2 changed files with 51 additions and 17 deletions
--- a/oauth2_test.go
+++ b/oauth2_test.go
@@ -305,3 +305,26 @@ func TestFetchWithNoRefreshToken(t *testing.T) {
 		t.Errorf("Fetch should return an error if no refresh token is set")
 	}
 }
+
+func TestRefreshToken_RefreshTokenReplacement(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		w.Write([]byte(`{"access_token":"ACCESS TOKEN",  "scope": "user", "token_type": "bearer", "refresh_token": "NEW REFRESH TOKEN"}`))
+		return
+	}))
+	defer ts.Close()
+	conf := newConf(ts.URL)
+	tkr := tokenRefresher{
+		conf:         conf,
+		ctx:          NoContext,
+		refreshToken: "OLD REFRESH TOKEN",
+	}
+	tk, err := tkr.Token()
+	if err != nil {
+		t.Errorf("Unexpected refreshToken error returned: %v", err)
+		return
+	}
+	if tk.RefreshToken != tkr.refreshToken {
+		t.Errorf("tokenRefresher.refresh_token = %s; want %s", tkr.refreshToken, tk.RefreshToken)
+	}
+}