fix: updates 'refresh_token' and 'refresh_expires_in' to be optional properties on the ITokenResponse #48
Conversation
|
Thanks for opening this. I agree with your interpretation of the spec. These attributes should be optional. Can you please explain how introducing this change would be problematic? |
|
Mostly that the types are changing from an explicit types to const token = await instance.exchangeForAccessToken(url);
token.refresh_token.length; // 'token.refresh_token' is possibly 'undefined'.ts(18048)A contrived example, but figured it might be worth mentioning based on |
|
Ok. I think I will have to consider this a breaking change. I have another issue that will be breaking to resolve as well. I would like to get that one resolved and release a 2.0 with this change included. I'll try to get to it soon. Thanks again for your contribution. |
…properties on the ITokenResponse > refresh_token > OPTIONAL. The refresh token, which can be used to obtain new > access tokens using the same authorization grant as described > in Section 6. https://datatracker.ietf.org/doc/html/rfc6749#section-5.1
jbottigliero
force-pushed
the
fix-ITokenResponse-type
branch
from
07402e4
to
ab1c686
Compare
From my understanding the
refresh_tokenwon't always be available on the token response. The actual implementation is dictated by the authorization server, but most often will only be included if explicitly requested by scope (i.e.,offline_access).https://datatracker.ietf.org/doc/html/rfc6749#section-5.1
https://www.oauth.com/oauth2-servers/access-tokens/access-token-response/
I could see this type change being problematic for downstream consumers (and also implemented using a union of more well-defined types rather than optional properties), but figured I'd open this up for discussion.
Thanks for your work on this library!