408 local refresh_token_info = tokens.get_token_info(params.refresh_token); |
408 local refresh_token_info = tokens.get_token_info(params.refresh_token); |
409 if not refresh_token_info or refresh_token_info.purpose ~= "oauth2-refresh" then |
409 if not refresh_token_info or refresh_token_info.purpose ~= "oauth2-refresh" then |
410 return oauth_error("invalid_grant", "invalid refresh token"); |
410 return oauth_error("invalid_grant", "invalid refresh token"); |
411 end |
411 end |
412 |
412 |
|
413 local refresh_scopes = refresh_token_info.grant.data.oauth2_scopes; |
|
414 local new_scopes, role = filter_scopes(username, refresh_scopes); |
|
415 |
413 -- new_access_token() requires the actual token |
416 -- new_access_token() requires the actual token |
414 refresh_token_info.token = params.refresh_token; |
417 refresh_token_info.token = params.refresh_token; |
415 |
418 |
416 return json.encode(new_access_token( |
419 return json.encode(new_access_token( |
417 refresh_token_info.jid, refresh_token_info.role, refresh_token_info.grant.data.oauth2_scopes, client, nil, refresh_token_info |
420 refresh_token_info.jid, role, new_scopes, client, nil, refresh_token_info |
418 )); |
421 )); |
419 end |
422 end |
420 |
423 |
421 -- RFC 7636 Proof Key for Code Exchange by OAuth Public Clients |
424 -- RFC 7636 Proof Key for Code Exchange by OAuth Public Clients |
422 |
425 |
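Review bot: `username`, passed to `filter_scopes` on new line 414, is not defined anywhere in the hunk, while the new token is still issued for `refresh_token_info.jid`; the enclosing function begins above the hunk, so this needs checking there. If `username` does not come from that same JID, the role and scopes would be re-evaluated for a different account than the one receiving the token, so deriving it from `refresh_token_info.jid` next to the call would make the link explicit. The hunk also does not show what `filter_scopes` returns when the user no longer qualifies for any of the originally granted scopes; that case presumably deserves an explicit error decision rather than issuing a token with whatever comes back. A short comment such as `-- re-filter: the user's role may have changed since the refresh token was issued` above new line 413 would record why the stored scopes are no longer passed through unchanged.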