search

badgateway / oauth2-client

OAuth2 client for Node and browsers
https://www.npmjs.com/package/@badgateway/oauth2-client
MIT License
269 stars 31 forks source link

Add an optional scope parameter to the client.refreshToken method #127

Closed superosku closed 7 months ago

superosku commented 10 months ago

Refresh token grant takes an optional parameter scope according to the oauth2 spec

The client just takes the (refresh) token as a parameter link:

  async refreshToken(token: OAuth2Token): Promise<OAuth2Token> {

How about adding an optional scope to the client.refreshToken method.

Can be bypassed for now by using the request('tokenEndpoint', body) method directly.

Also: README.md seems to have the method name incorrectly as refresh instead of refreshToken.

Thanks!

evert commented 10 months ago

Not against adding this, but I am curious about the use-case. Given that omitting the scope is equal to keeping the original scope, the only real reason I see to specify this is to reduce the scope. Is this what you're using it for, or are you talking to a server that requires it no matter what?