# HG changeset patch # User Kim Alvefur # Date 1683882698 -7200 # Node ID 6705f2a097021c77dc6a18002c217560c741b02d # Parent d2594bbf7c365f9960977796c573bcdd4fa8eef4 mod_http_oauth2: Reference grant by id instead of value Fixes that the grant got mutated on use of refresh token, notably it would gain 'id' and 'jid' properties set there by mod_tokenauth. Previously also the secret token that we should not be remembering. diff -r d2594bbf7c36 -r 6705f2a09702 mod_http_oauth2/mod_http_oauth2.lua --- a/mod_http_oauth2/mod_http_oauth2.lua Thu May 11 21:43:23 2023 +0200 +++ b/mod_http_oauth2/mod_http_oauth2.lua Fri May 12 11:11:38 2023 +0200 @@ -216,12 +216,9 @@ else -- Grant exists, reuse existing refresh token refresh_token = refresh_token_info.token; - refresh_token_info.token = nil; -- Prevent persistence of *secret* token - - refresh_token_info.grant = nil; -- Prevent reference loop end - local access_token, access_token_info = tokens.create_token(token_jid, grant, role, default_access_ttl, "oauth2"); + local access_token, access_token_info = tokens.create_token(token_jid, grant.id, role, default_access_ttl, "oauth2"); local expires_at = access_token_info.expires; return {