Refresh token does not use stored scope
monochkov opened this issue · 0 comments
Checklist
- The issue can be reproduced in the Auth0.Android sample app (or N/A).
- I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
- I have looked into the API documentation and have not found a suitable solution or answer.
- I have searched the issues and have not found a suitable solution or answer.
- I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- I agree to the terms within the Auth0 Code of Conduct.
Description
Library version: 2.10.2.
When I use credentialManager.awaitCredentials() I expect that when access token is expired then it is refreshed by refresh token with the scope I used when saved credentials to credentialsManager.
credentialManager.awaitCredentials(scope: String?, minTtl: Int) function says:
Params: scope - the scope to request for the access token. If null is passed, the previous scope will be kept.
But, it actually does not use previous scope.
CredentialsManager line 239 does not use previously saved scope for refreshing token.
If I do not send scope into function as parameter, the scope will be just ignored.
What I expect to have:
Replace this one:
if (scope != null) {
request.addParameter("scope", scope)
}
with this one:
val scopeForRenew = scope ?: storedScope
if (scopeForRenew != null) {
request.addParameter("scope", scopeForRenew)
}
Reproduction
- Sign in to the app
- Wait for access token expiration
- Open app again
- Refresh token using
credentialManager.awaitCredentials()withscope == null
Expected: access token is refreshed using previously stored scope.
Actual: scope is ignored for refreshing token.
Additional context
No response
Auth0.Android version
2.10.2
Android version(s)
Any