This doesn't match the OAuth 2.0 specification (source):
Issuing a refresh token is optional at the discretion of the authorization server.
Auth0 doesn't issue refresh tokens by default:
Currently if we access verifyParams.refreshToken, the types assure us of a string when in fact we will always get undefined. I think the types should be widened to reflect this.
Sorry if this has been discussed before, but I couldn't find anything!
The
refreshTokentype is currently defined as non-optional:https://github.com/sergiodxa/remix-auth-oauth2/blob/bd722c01aaffcfc5189b82fe8938c6b2fd219c2f/src/index.ts#L55
This doesn't match the OAuth 2.0 specification (source):
Auth0 doesn't issue refresh tokens by default:
Currently if we access
verifyParams.refreshToken, the types assure us of astringwhen in fact we will always getundefined. I think the types should be widened to reflect this.Sorry if this has been discussed before, but I couldn't find anything!