Error: The Refresh token is missing at OAuthClient.validateToken

[AdonousTech]

I have followed the README (https://github.com/intuit/oauth-jsclient#revoke-access_token) and tried multiple permutations, but I keep receiving the error below:

2019-06-26T22:15:28.768Z e82358eb-f950-400e-af7e-f059d3fbf938 Error: The Refresh token is missing at OAuthClient.validateToken (/var/task/node_modules/intuit-oauth/src/OAuthClient.js:641:42) at OAuthClient.<anonymous> (/var/task/node_modules/intuit-oauth/src/OAuthClient.js:299:14) at new Promise (<anonymous>) at OAuthClient.revoke (/var/task/node_modules/intuit-oauth/src/OAuthClient.js:292:13) at db.fetchConnectionObject.then (/var/task/lib/quickbooks.js:118:37) at <anonymous> at process._tickDomainCallback (internal/process/next_tick.js:228:7)

The token I am trying to revoke is stored in a database. The tokenParams object matches the format indicated by the README and I have validated that the values at each property in the object below are not null.

                        const tokenParams = {
                            token_type: 'bearer',
                            expires_in: parsedConnectionObject.qboconnection.tokenExpiration,
                            refresh_token: parsedConnectionObject.qboconnection.refreshToken,
                            x_refresh_token_expires_in: parsedConnectionObject.qboconnection.refreshTokenExpiration,
                            access_token: parsedConnectionObject.qboconnection.accessToken,
                        }

This is where I make the call and pass in the tokenParams object:

                        oauthClient.revoke(tokenParams).then(
                            (revokeTokenResponse) => {
                                console.log('revoke token response ::', revokeTokenResponse);
                                console.log('[INFO] - Access token revoked by user');

                               ///... do more work here

Any help would be appreciated.

[AdonousTech]

I was able to figure this out. It seems that you cannot revoke an access token by passing in the token explicitly. This seems to be contrary to the README documentation https://github.com/intuit/oauth-jsclient#revoke-access_token.

This does not follow the same pattern as refreshing tokens. I can indeed pass in a refresh token to refresh the access token.

Also, looking at the source, it seems the validateToken() method is being called without considering whether a token object was passed in the params. If validateToken is looking for a token on the config object passed in at the time of construction, that could explain the error, as the token was explicitly passed in to the method as an argument, not as part of the object construction.

` OAuthClient.prototype.revoke = function(params) {

return (new Promise(function(resolve) {

    params = params || {};

    /**
     * Check if the tokens exist and are valid
     */
    this.validateToken();

    var body = {};

    body.token = params.access_token || params.refresh_token || (this.getToken().isAccessTokenValid() ? this.getToken().access_token : this.getToken().refresh_token);

    var request = {

`

[abisalehalliprasan]

@appeality : Your right. Thanks for opening a Bug. I am doing validation on the refresh_token that is being passed here: validateToken()

This check might be redundant if the token (access_token / refresh_token) is passed explicitly or implicitly from the client. However, per the README, you can still pass the tokens explicitly also.

I will remove this validation and release a new version. Thanks.

[abisalehalliprasan]

@appeality : The validation has been fixed. You can refer to the latest release 1.3.0 and the update README.md here Thank you for your patience.