Closed sillitoe closed 6 years ago
I really need to get my head back into this code as it's been almost a year since I touched it. The curious thing about the test failure here is if I dump out the, not different, structure the client appears to contain a structure the same as the parent structure but with some differences:
{
'aud' => undef,
'client' => {
'aud' => undef,
'client' => 'frey',
'iat' => 1523718346,
'jti' => 'We8OXobLgGXr87QZd5otaxkC5zH8tIb4',
'scopes' => [
'betrayal'
],
'type' => 'refresh',
'user_id' => undef
},
'exp' => 1523721946,
'iat' => 1523718346,
'iss' => 'some iss',
'jti' => 'Grz9H42bU43sojliUWQHlWxNHKsw1Pmj',
'scopes' => [
'betrayal'
],
'sub' => 'not the passed user_id',
'type' => 'access',
'user_id' => undef
}
Ah yes, I noticed this and couldn't immediately find a good reason for it (which was why I flagged it up). I was hoping this was something to do with an aspect of the data flow that I wasn't familiar with - though it doesn't sound like it is.
Let me know if I can help - if you're okay with the general idea of this PR then I can dig around more.
This makes an effort to ensure that the default implementation of
_verify_access_token
returns a normalised data structure on success (see #20 on Mojolicious::Plugin::OAuth2::Server).Note: it tries to take into account some apparent differences in keys (eg
client => client_id
,scope => scopes
). It might be neater to try to avoid these key clashes at source (or enforce this in an object rather than hash?). However that seems like a more substantial change - this has the advantage that it does the job with minimal disruption to existing code.I'm only adding tests here and all tests pass for me.
HOWEVER, this does make
051_jwt_refresh.t
fail on Mojolicious::Plugin::OAuth2::Server.The returned data structure is now different ('client' is now a HashRef rather than Str) - I don't know whether this constitutes a breaking change.