p2 / OAuth2

OAuth2 framework for macOS and iOS, written in Swift.

Refresh token not getting updated #362

Closed suzukieng closed 3 years ago

suzukieng commented 3 years ago

Hi,

I'm using the authorization code flow to obtain an access and refresh token.

The first refresh works fine, and I see the correct refresh token is being used. The service supplies a new refresh token in addition to the refreshed access token.

Request:

client_id=xxxx&grant_type=refresh_token&refresh_token=REFRESH_TOKEN_1

Response:

{"access_token":"...","expires_in":600,"something_else":"...","refresh_token":"REFRESH_TOKEN_2"}

But a subsequent refresh fails, because it uses the original refresh token, not the updated one.

client_id=xxxx&grant_type=refresh_token&refresh_token=REFRESH_TOKEN_1

I'm using keychain integration. Any idea why this is happening? I'm using version 5.2.0.

Kind Regards Alex

suzukieng commented 3 years ago

Just noticed that a previous issue exists: https://github.com/p2/OAuth2/issues/75 The code looks different now though. Perhaps this is a regression?

suzukieng commented 3 years ago

I opened a PR for this, believe this is a regression. https://github.com/p2/OAuth2/pull/363
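
Added example, not part of the thread and not code from p2/OAuth2: a sketch of the refresh handling the report expects, where a `refresh_token` returned by a refresh response replaces the stored one and an omitted field keeps the current one. `TokenState`, `applyRefreshResponse` and `refreshRequestBody` are hypothetical names, and the sample responses are constructed from the exchange quoted above.

```swift
import Foundation

// Hypothetical token state for this example; these are not the p2/OAuth2 types.
struct TokenState {
    var accessToken: String
    var refreshToken: String?
    var expiresAt: Date
}
enum RefreshError: Error { case malformedResponse }

/// Merges a refresh_token grant response into the stored state.
/// RFC 6749 section 6: a newly issued refresh token replaces the old one, which the
/// client must discard; if the field is omitted, the current refresh token is kept.
func applyRefreshResponse(_ body: Data, to state: TokenState, now: Date = Date()) throws -> TokenState {
    guard let json = try JSONSerialization.jsonObject(with: body) as? [String: Any],
          let access = json["access_token"] as? String, !access.isEmpty else {
        throw RefreshError.malformedResponse
    }
    var next = state
    next.accessToken = access
    if let seconds = json["expires_in"] as? Double {
        next.expiresAt = now.addingTimeInterval(seconds)
    }
    if let rotated = json["refresh_token"] as? String, !rotated.isEmpty {
        next.refreshToken = rotated  // rotation: the server will reject the old token
    }
    return next
}

/// Form body for the next refresh, built from the current state (sketch: '+' is not escaped).
func refreshRequestBody(clientId: String, state: TokenState) -> String? {
    guard let token = state.refreshToken else { return nil }
    var form = URLComponents()
    form.queryItems = [URLQueryItem(name: "client_id", value: clientId),
                       URLQueryItem(name: "grant_type", value: "refresh_token"),
                       URLQueryItem(name: "refresh_token", value: token)]
    return form.percentEncodedQuery
}

// Constructed sample responses, modelled on the exchange quoted in the issue.
let t0 = Date(timeIntervalSince1970: 0)
var state = TokenState(accessToken: "ACCESS_1", refreshToken: "REFRESH_TOKEN_1", expiresAt: t0)
let rotating = Data(#"{"access_token":"ACCESS_2","expires_in":600,"refresh_token":"REFRESH_TOKEN_2"}"#.utf8)
let nonRotating = Data(#"{"access_token":"ACCESS_3","expires_in":600}"#.utf8)
do {
    state = try applyRefreshResponse(rotating, to: state, now: t0)
    print(refreshRequestBody(clientId: "xxxx", state: state) ?? "no refresh token")
    state = try applyRefreshResponse(nonRotating, to: state, now: t0)
    print(state.refreshToken ?? "no refresh token")
} catch { print("refresh failed: \(error)") }
```

The state returned by `applyRefreshResponse` is what should be written back to the keychain before the next refresh is attempted.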