leaonline / oauth2-server

OAuth 2 Server package for Meteor to create your own OAuth 2 authorization server. Zero config. Uses the continuously updated @node-oauth/oauth2-server library
MIT License

refresh_token request to /oauth/token not possible #16

Open bratelefant opened 5 months ago

bratelefant commented 5 months ago

Describe the bug

According to RFC 6749, a refresh of an access token only requires the grant_type and the refresh_token. However, an incoming request fails with the message [validation error]: key <code> => expected <[object Object]>, got <undefined>.

To Reproduce

Steps to reproduce the behavior:

  1. Set up an oauth2 according to the docs, enable debug.
  2. Request an access token (e.g. via Postman).
  3. Place a refresh token request, with a body like {refresh_token: "12345xyz", grant_type: "refresh_token"}.
  4. Check the logs.

Expected behavior

Refresh request should provide a fresh access token.
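An added example, not code from leaonline/oauth2-server or from this thread: a token-endpoint body check that selects its required parameters by grant_type (RFC 6749 sections 4.1.3 and 6), beside a single-schema check that always demands code. That the package's validator behaves like the single-schema version is an assumption drawn from the error message quoted above; all function and table names are hypothetical.

```javascript
// Added example, not code from leaonline/oauth2-server. Names are hypothetical.
// Body parameters per grant type, from RFC 6749 sections 4.1.3 and 6.
const GRANT_PARAMS = {
  authorization_code: { required: ['code'], optional: ['redirect_uri', 'client_id', 'client_secret'] },
  refresh_token: { required: ['refresh_token'], optional: ['scope', 'client_id', 'client_secret'] },
};

const isNonEmptyString = (v) => typeof v === 'string' && v.length > 0;
const fail = (error, key) => ({ ok: false, error, key });

// Assumed "before": one schema applied to every token request, so a
// refresh request is rejected for lacking `code`.
function validateSingleSchema(body) {
  for (const key of ['grant_type', 'code']) {
    if (!isNonEmptyString(body[key])) return fail('invalid_request', key);
  }
  return { ok: true };
}

// Per-grant check: the required set is selected by grant_type.
function validateTokenRequest(body) {
  const grant = body.grant_type;
  if (!isNonEmptyString(grant)) return fail('invalid_request', 'grant_type');
  // Own-property lookup so values like "constructor" are not treated as grants.
  if (!Object.prototype.hasOwnProperty.call(GRANT_PARAMS, grant)) {
    return fail('unsupported_grant_type', 'grant_type');
  }
  const { required, optional } = GRANT_PARAMS[grant];
  for (const key of required) {
    if (!isNonEmptyString(body[key])) return fail('invalid_request', key);
  }
  // A repeated parameter is parsed as an array by many body parsers; RFC 6749
  // forbids repeats, so any known optional key that is present must be a string.
  for (const key of optional) {
    if (key in body && typeof body[key] !== 'string') return fail('invalid_request', key);
  }
  return { ok: true, grant };
}

// Constructed sample: the refresh request body from the report above.
const refreshBody = { grant_type: 'refresh_token', refresh_token: '12345xyz' };
console.log(validateSingleSchema(refreshBody));
console.log(validateTokenRequest(refreshBody));
```

The error and key fields map onto the invalid_request and unsupported_grant_type error codes of RFC 6749 section 5.2; client authentication and the refresh token lookup itself are outside what this check covers.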

jankapunkt commented 5 months ago

Thank you @bratelefant, this is indeed missing 😵 Maybe I can add this in the next days.

bratelefant commented 5 months ago

I already did some work on this on a local copy, maybe if we can fix https://github.com/leaonline/oauth2-server/issues/17 I could contribute a PR. Ran across several other issues and possible improvements (e.g. implement a Meteor 3.0 compatible model). Would also really like to address this enhancement.