mod_http_oauth2: Fix unintentional persistence
authorKim Alvefur <zash@zash.se>
Thu, 11 May 2023 15:10:44 +0200
changeset 5449 74fdf4a7cca1
parent 5448 0c7abc81c243
child 5450 dd7bddc87f98
mod_http_oauth2: Fix unintentional persistence
mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua	Wed May 10 19:49:40 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Thu May 11 15:10:44 2023 +0200
@@ -205,6 +205,7 @@
 	else
 		-- Grant exists, reuse existing refresh token
 		refresh_token = refresh_token_info.token;
+		refresh_token_info.token = nil; -- Prevent persistence of *secret* token
 
 		refresh_token_info.grant = nil; -- Prevent reference loop
 	end
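Review bot: The added `refresh_token_info.token = nil` strips the secret by mutating the table in place, so the protection relies on each secret field being cleared by hand before the table is stored, presumably later in this function, which continues outside the hunk. A shallow copy holding only the fields meant for storage would fail closed if another sensitive field is added later. If the in-place form stays, a comment such as `-- refresh_token_info is persisted below: it must hold no secrets and no back-references` above the two clears would record the invariant. The branch before `else` is not visible here, so it is worth confirming that it never leaves a token on a table that gets stored. Records written by earlier versions may still contain the token, and this change alone does not appear to scrub them.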