search

nuxt-community / auth-module

Zero-boilerplate authentication support for Nuxt 2
https://auth.nuxtjs.org
MIT License
1.93k stars 924 forks source link

OAuth2 refreshTokens post request parameter of "scopes" rather than "scope" #1818

Open jayh13 opened 1 year ago

jayh13 commented 1 year ago

In the OAuth2 scheme, the method "refreshTokens" makes a POST request to the token server that looks something like the following. The second query parameter in that code uses "scopes" but the spec says it should be "scope", singular. I don't know about other OAuth2 servers but in this case I'm using Azure AD and I've verified that "scope" is what it expects and it works, "scopes" does not work.

const response = await this.$auth
    .request({
        method: 'post',
        url: this.options.endpoints.token,
        baseURL: '',
        headers: {
            'Content-Type': 'application/x-www-form-urlencoded'
        },
        data: encodeQuery({
            refresh_token: removeTokenPrefix(
                refreshToken,
                this.options.token.type),
            scopes: this.scope,
            client_id: this.options.clientId + '',
            grant_type: 'refresh_token'
        })
    })