changeset 5445:74fdf4a7cca1

mod_http_oauth2: Fix unintentional persistence
author Kim Alvefur <zash@zash.se>
date Thu, 11 May 2023 15:10:44 +0200
parents 0c7abc81c243
children dd7bddc87f98
files mod_http_oauth2/mod_http_oauth2.lua
diffstat 1 files changed, 1 insertions(+), 0 deletions(-) [+]
--- a/mod_http_oauth2/mod_http_oauth2.lua	Wed May 10 19:49:40 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Thu May 11 15:10:44 2023 +0200
@@ -205,6 +205,7 @@
 	else
 		-- Grant exists, reuse existing refresh token
 		refresh_token = refresh_token_info.token;
+		refresh_token_info.token = nil; -- Prevent persistence of *secret* token
 
 		refresh_token_info.grant = nil; -- Prevent reference loop
 	end
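Review bot: Clearing `refresh_token_info.token` and then `refresh_token_info.grant` one field at a time in this `else` branch is a denylist, so a secret-bearing field added to the table later would be persisted again unless it is also cleared here. If this table is what gets stored further down (the store call is outside the hunk, so this is inferred from the new comment), building the stored record from an explicit list of non-secret fields would be sturdier. At minimum I would widen the comment to something like `-- refresh_token_info is persisted below; it must not carry the token or any other secret`. The assignment also mutates the table in place, so it is worth confirming that no caller reads `refresh_token_info.token` after this function returns. The enclosing function starts and ends outside the hunk and the branch above the `else` is not visible, so whether a freshly issued token takes the same path cannot be checked from here.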