python-social-auth/social-core

Fix access token expiration and refresh token handling in GitHub backend

Closed this issue · 0 comments

The access_token expiration value is not stored correctly by the GitHub backend, leading to the refresh token functionality not being triggered.

This issue occurs because the GitHub backend uses a different key (expires [1]) than the one used by GitHub (and by extension, the OAuth2 RFC [2]), which is expires_in [3]. This misconfiguration results in the expiration value always being None [4], preventing the refresh functionality from being called [5].

In order for the refresh functionality, that is already present in the UserMixin [6] and BaseOAuth2 [7], to be utilized by the GitHub backend, we have to also include the refresh_token key in the extra_data [1]. This ensures that we always store it and use it as outlined by GitHub [3].

I’ll open a pull request handling the issue.

Footnotes

  1. https://github.com/python-social-auth/social-core/blob/5899cb92ba1c3799a1c614f9b444c490bee2e25c/social_core/backends/github.py#L26

  2. https://github.com/python-social-auth/social-core/issues/40

  3. https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens#refreshing-a-user-access-token-with-a-refresh-token

  4. https://github.com/python-social-auth/social-core/blob/5899cb92ba1c3799a1c614f9b444c490bee2e25c/social_core/backends/base.py#L124-L153

  5. https://github.com/python-social-auth/social-core/blob/5899cb92ba1c3799a1c614f9b444c490bee2e25c/social_core/storage.py#L100-L104

  6. https://github.com/python-social-auth/social-core/blob/5899cb92ba1c3799a1c614f9b444c490bee2e25c/social_core/storage.py#L46-L55

  7. https://github.com/python-social-auth/social-core/blob/5899cb92ba1c3799a1c614f9b444c490bee2e25c/social_core/backends/oauth.py#L454-L461
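
The failure mode described in this issue, as an added example that is not part of the original post or of social-core's code. It is a simplified offline model: the key mappings, function names and sample token response are constructed for illustration, based only on the keys the issue names.

```python
# Simplified model of the behaviour described in the issue; it does not import social-core.
# Constructed GitHub token response (field names per GitHub's docs, values made up).
SAMPLE_RESPONSE = {
    "access_token": "EXAMPLE-ACCESS-TOKEN",
    "expires_in": 28800,
    "refresh_token": "EXAMPLE-REFRESH-TOKEN",
}

# (key in provider response, key in stored extra_data) pairs, assumed for this model.
BUGGY_MAPPING = [("expires", "expires")]
FIXED_MAPPING = [("expires_in", "expires"), ("refresh_token", "refresh_token")]


def build_extra_data(response, mapping, auth_time):
    """Copy mapped keys from the response; a key the provider never sent becomes None."""
    data = {"access_token": response["access_token"], "auth_time": auth_time}
    for source_key, stored_key in mapping:
        data[stored_key] = response.get(source_key)
    return data


def access_token_expired(extra_data, now):
    """True only when a usable lifetime was stored and it has elapsed."""
    try:
        lifetime = int(extra_data.get("expires"))
    except (TypeError, ValueError):
        return False  # nothing stored: the token looks like it never expires
    return extra_data["auth_time"] + lifetime <= now


def get_access_token(extra_data, now, refresh):
    """Return a usable token, calling refresh(refresh_token) when the stored one expired."""
    if access_token_expired(extra_data, now):
        if not extra_data.get("refresh_token"):
            raise LookupError("token expired but no refresh_token was stored")
        extra_data.update(refresh(extra_data["refresh_token"]))
        extra_data["auth_time"] = now
    return extra_data["access_token"]


def fake_refresh(refresh_token):
    """Stand-in for the provider's refresh endpoint (hypothetical, offline)."""
    return {"access_token": "EXAMPLE-NEW-ACCESS-TOKEN", "expires": 28800,
            "refresh_token": "EXAMPLE-NEW-REFRESH-TOKEN"}


if __name__ == "__main__":
    later = 1_000 + 9 * 3600  # nine hours after login, past the 8-hour lifetime
    for name, mapping in (("buggy", BUGGY_MAPPING), ("fixed", FIXED_MAPPING)):
        stored = build_extra_data(SAMPLE_RESPONSE, mapping, auth_time=1_000)
        print(name, stored["expires"], get_access_token(stored, later, fake_refresh))
```

With the mismatched key the stored lifetime is None, so the expiry check never fires and the stale access token keeps being returned; with the corrected mapping the same call rotates both tokens.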