search

Tivix / django-rest-auth

This app makes it extremely easy to build Django powered SPA's (Single Page App) or Mobile apps exposing all registration and authentication related functionality as CBV's (Class Base View) and REST (JSON)
www.tivix.com
MIT License
2.41k stars 661 forks source link

'refresh_token' and 'expires_in' keys striped from token #549

Open SYN-tactic opened 5 years ago

SYN-tactic commented 5 years ago

https://github.com/Tivix/django-rest-auth/blob/624ad01afbc86fa15b4e652406f3bdcd01f36e00/rest_auth/registration/serializers.py#L112

At this point in the code the 'refresh_token' and 'expires_in' keys (which are often returned by Oauth2 providers) are essentially stripped from the access_token variable. Later on in django-allauth when these fields are accessed in the parse_token method(see https://github.com/pennersr/django-allauth/blob/f70cb3d622f992f15fe9b57098e0b328445b664e/allauth/socialaccount/providers/oauth2/views.py#L55) , these fields are then left blank, meaning that they do not get populated in the database.

For applications that use the refresh_token and expires_in data this is pretty inconvenient...what's a good solution for this? Is there a reason these keys are left out currently?

SYN-tactic commented 5 years ago

It looks like this issue is resolved by this pull request: https://github.com/Tivix/django-rest-auth/pull/486

rorybyrne commented 5 years ago

Is there any fix for this in the works, or do I have to go and subclass the SocialLoginSerializer just to change one line?