I found that when I use OAuth2Helper.getToken() to authorize for GitHub API using GitHubOAuth2Client, the cached token is not used in next call.
Expected behavior
The cached token in token store is used even when scope is not specified for GitHub API.
Actual behavior
The cached token in token store is not used when scope is not specified for GitHub API.
Note
I investigated the cause, and I found that the GitHub API returns ..., "scope": "" for no scopes, but AccessTokenResponse.fromHttpResponse assumes that scope is null or an empty list ([]) and does not assume an empty string ("") (see here). So, a map which has an empty string entry (that is, "scope": [""]) is returned and it is serialized to the token store. Then, in the next call, the scope comparison in the token store fails because the input scopes are an empty list although the saved scopes are a list with one empty string, so the cached access token is not used.
Repro code
final client = GitHubOAuth2Client(
  customUriScheme: 'http://127.0.0.1:3000',
  redirectUri: 'http://127.0.0.1:3000/something',
);
final helper = OAuth2Helper(
  client,
  clientId: '<Client ID registered in GitHub>',
  clientSecret: '<Client Secret gotten from GitHub>',
);
// The browser is shown
final token1 = await helper.getToken();
// The browser is shown again because the cache is not used.
final token2 = await helper.getToken();
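The mismatch described in the note, as an added example that is not part of the original report or the library's code: a scope normalizer that maps `""` to an empty list, and a set-based comparison so a cached token saved with `[""]` still matches a request with no scopes. `normalizeScopes` and `sameScopes` are hypothetical names, the sample values are constructed, and comma-splitting is included because GitHub separates multiple scopes with commas.

```dart
// Added example: hypothetical helpers, not the oauth2_client package's code.

/// Normalizes the `scope` member of a token response into a list of
/// non-empty scope names. Accepts null, a list, or a delimited string.
List<String> normalizeScopes(Object? raw) {
  final Iterable<String> parts;
  if (raw == null) {
    parts = const <String>[];
  } else if (raw is List) {
    parts = raw.map((e) => e.toString());
  } else if (raw is String) {
    // RFC 6749 separates scopes with spaces; GitHub uses commas.
    parts = raw.split(RegExp(r'[\s,]+'));
  } else {
    throw FormatException('Unexpected scope type: ${raw.runtimeType}');
  }
  // Dropping empty entries is what turns "" into [] instead of [""].
  return parts.map((s) => s.trim()).where((s) => s.isNotEmpty).toList();
}

/// Order-insensitive scope comparison for the token cache lookup.
/// Both sides are normalized, so entries already stored as [""] match [].
bool sameScopes(List<String> requested, List<String> stored) {
  final a = normalizeScopes(requested).toSet();
  final b = normalizeScopes(stored).toSet();
  return a.length == b.length && a.containsAll(b);
}

void main() {
  // Constructed sample values for the `scope` member.
  final samples = <Object?>[null, <String>[], '', 'repo,gist', 'repo gist', ['']];
  for (final raw in samples) {
    print('${raw.runtimeType} $raw -> ${normalizeScopes(raw)}');
  }
  // Splitting without filtering keeps the empty entry the report describes.
  final unfiltered = ''.split(' ');
  print('unfiltered: $unfiltered (length ${unfiltered.length})');
  // Empty request against a store entry that was saved as [""].
  print('empty vs [""]: ${sameScopes(<String>[], [''])}');
  // A request for a real scope must not reuse a token saved without scopes.
  print('repo vs []: ${sameScopes(['repo'], <String>[])}');
}
```

Normalizing on both write and read matters here: entries already serialized with `[""]` keep matching, while a request for a broader scope still misses the cache and triggers a fresh authorization.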