refresh_token=thisIsARefreshToken

[michielbdejong]

I'm seeing:

fetch https://localhost:8443/token {
  method: 'POST',
  headers: {
    DPoP: 'eyJhbGciOiJSUzI1NiIsInR5cCI6ImRwb3Arand0IiwiandrIjp7Imt0eSI6IlJTQSIsImtpZCI6IjVmMVFZcmppOGItWWdGczBIbmNuam52ZmZ4X0RKdTU3R1hDeXlLMDlBakUiLCJ1c2UiOiJzaWciLCJhbGciOiJSU0EiLCJlIjoiQVFBQiIsIm4iOiJ5d3hpTnFXUkpFblF3RkpBeDlJVFFkeERKVWw2dzdIV3dXZTZVOUtQYnYzNEZ0NzJVd21iZHA2dTcwb1FvMkFQVkozMlNjbkJOeV80S2FuMU5VQktRWW12T1k2VFdBQWpPMzRBY0FTamZ6aV90S0xzTlY1ZGhTdE5tTWlzTUc3c2c4c2drWndzOFd2R29rX2tTNUNTM2lVQmVnVlhacmhZTDQwb1RNSjdmNWFERmg2cUJhbHZpVms5djliMEp1UklYNWNDYmFfU1RyUE9CZlZ5Mk5YNHFuRmdtQ2xqODhDMkFvY1BBVThFYW9ub0FiUzlzRGtfTTY5d2hDbndRTGJBU0ZjajhIREE5QTZDRmhJYnBqX0F2dnFBUnJwRnpOZlhQZXdvNHVIOVpuby1RUEgxaTdBbmVBYmZDZnlWdXIwT3RFcHhvUWNZbFh6aVE1c3NRbGs3THcifX0.eyJodHUiOiJodHRwczovL2xvY2FsaG9zdDo4NDQzL3Rva2VuIiwiaHRtIjoiUE9TVCIsImp0aSI6IjRiOTU2ZmI1LTdkYTItNDk0ZS04OTFhLTg0NzYyNjUxNjlkNSIsImlhdCI6MTU5NDgxMDk4MiwiZXhwIjoxNTk0ODE0NTgyfQ.MOHhHoC2vhYWIhHTdgp0vLRirTi1XAjJ-QcIwwpZBR6suvMA19yBPeSFtmPjIlS0_EKlrVzqtiqtB9KmGwUsg6HSRi4H3u4jEbu837P_VFRzILPuupi_S3Y--RrXJ04lV6PvE-OI5Mv7sSnWXjRfEfKUnebB2XBeOTIbmNIwS3jbqjwYexaMm3ZTWFlZE5Nq_vh0BrX61fAgxRROJqQld-f7EUhdUxUnhY0peXstNVaX8wW1p2yxTM23ihJPgvbjYjTrNE-DxuyD-Y6W0UUngmmryh-0Rml3FUUGzaU8k_9s5Sul4HmRh0otpeAhPb9WqXum-P-YWSB8EFQ3yoe5mQ',
    'content-type': 'application/x-www-form-urlencoded',
    Authorization: 'Basic NTg5N2MyZGY1MTFlYWFkMjRhYzM5OTk5YzA1MzZlYzY6OTc0ZjUxNmQ4YzJkZDUzYjRhYzQ3NzhlMGVmYWE0NWE='
  },
  body: 'grant_type=refresh_token&refresh_token=thisIsARefreshToken&client_id=5897c2df511eaad24ac39999c0536ec6'
}

The 'thisIsARefreshToken' string looks like it might have been intended as a test fixture, not as a string that should be showing up in production?

cc @jaxoncreed

[michielbdejong]

Ah nm, my bad. It came from https://github.com/solid/storage-tests/blob/493d7fa9702776885c89baee4ecb3765685079b0/test/helpers/obtain-auth-headers.ts#L92