capacitor-community / generic-oauth2

Generic Capacitor OAuth 2 client plugin. Stop the war in Ukraine!

Bug: Refresh ignores scope

taaem opened this issue · comments

Capacitor version:

💊   Capacitor Doctor  💊 

Latest Dependencies:

  @capacitor/cli: 3.5.1
  @capacitor/core: 3.5.1
  @capacitor/android: 3.5.1
  @capacitor/ios: 3.5.1

Installed Dependencies:

  @capacitor/core: 3.5.0
  @capacitor/cli: 3.5.0
  @capacitor/android: 3.5.0
  @capacitor/ios: 3.5.0

[success] Android looking great! 👌
[error] Xcode is not installed

Library version:

  • 3.0.1

OAuth Provider:

  • Other: Keycloak

Your Plugin Configuration

{
          refreshToken: refreshToken,
          scope: "email profile offline_access",
          accessTokenEndpoint: OAuthConfig.accessTokenEndpoint,
          appId: OAuthConfig.clientConfiguration.appId,
}

Affected Platform(s):

  • Android
    • Version/API Level: 30
    • Device Model: Pixel 3 emulator
    • Content of your AndroidManifest.xml
    <?xml version="1.0" encoding="utf-8" ?>
    <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="de.akquinet.che.app.beta">
      <application
          android:allowBackup="true"
          android:icon="@mipmap/ic_launcher"
          android:label="@string/app_name"
          android:roundIcon="@mipmap/ic_launcher_round"
          android:supportsRtl="true"
          android:theme="@style/AppTheme">
          <activity
              android:configChanges="orientation|keyboardHidden|keyboard|screenSize|locale|smallestScreenSize|screenLayout|uiMode"
              android:name="de.akquinet.che.app.beta.MainActivity"
              android:label="@string/title_activity_main"
              android:theme="@style/AppTheme.NoActionBarLaunch"
              android:launchMode="singleTask">
              <intent-filter>
                  <action android:name="android.intent.action.MAIN" />
                  <category android:name="android.intent.category.LAUNCHER" />
              </intent-filter>
          </activity>
    
          <provider
              android:name="androidx.core.content.FileProvider"
              android:authorities="${applicationId}.fileprovider"
              android:exported="false"
              android:grantUriPermissions="true">
              <meta-data android:name="android.support.FILE_PROVIDER_PATHS" android:resource="@xml/file_paths" />
          </provider>
      </application>
    
      <!-- Permissions -->
    
      <uses-permission android:name="android.permission.INTERNET" />
    </manifest>
    

Current Behavior

If I run Auth2Client.refreshToken({}) with the configuration I posted above, scope gets ignored (e.g. I get a normal token and not an offline token). Furthermore, I can see in the logs:

native OAuth2Client.refreshToken:
callbackId: "121720501"
methodName: "refreshToken"
options:
accessTokenEndpoint: "endpoint"
appId: "id"
refreshToken: "token"
scope: undefined
__proto__: Object
pluginId: "OAuth2Client"
__proto__: Object

and there I can see that the scope is set to undefined.

Expected Behavior

The scope should be respected during refresh of accessTokens.

Reproduction Steps

  1. Get an accessToken and a refreshToken
  2. Try to refresh the token with a custom scope

Found the issue on my end 😄
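
As an added example (not code from this plugin or from the issue author), the sketch below builds the RFC 6749 refresh request body with the `scope` parameter and compares the scope the server reports back against what was asked for, so a dropped scope like the `scope: undefined` in the log above is noticed. The function names and sample values are assumptions.

```javascript
// Added example. Function names and sample values are hypothetical,
// not part of the plugin's API.

// Build the form body for an RFC 6749 section 6 refresh request.
function buildRefreshBody({ refreshToken, appId, scope }) {
  if (!refreshToken || !appId) {
    throw new TypeError("refreshToken and appId are required");
  }
  const body = new URLSearchParams({
    grant_type: "refresh_token",
    refresh_token: refreshToken,
    client_id: appId,
  });
  // scope is optional on refresh; when it is omitted the server treats the
  // request as asking for the scope originally granted.
  const scopes = splitScopes(scope);
  if (scopes.length > 0) body.set("scope", scopes.join(" "));
  return body;
}

// Split a space-delimited scope string; anything else yields an empty list.
function splitScopes(scope) {
  return typeof scope === "string" ? scope.split(/\s+/).filter(Boolean) : [];
}

// Return the requested scopes that the token response did not grant.
// A response without a scope field means the grant equals the request
// (RFC 6749 section 5.1), so nothing is reported as missing.
function missingScopes(requestedScope, tokenResponse) {
  if (typeof tokenResponse.scope !== "string") return [];
  const granted = new Set(splitScopes(tokenResponse.scope));
  return splitScopes(requestedScope).filter((s) => !granted.has(s));
}

// Constructed sample data, using the scope string from the configuration above.
const requested = "email profile offline_access";
const sampleBody = buildRefreshBody({
  refreshToken: "sample-refresh-token",
  appId: "sample-app",
  scope: requested,
});
console.log(sampleBody.toString());
console.log(missingScopes(requested, { access_token: "sample", scope: "email profile" }));
```
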