Fix for refresh token not being cleared after it expires, preventing re-authorization. [Issue p2#367](p2#367)

josephquigley · josephquigley · commit 28bfdb7d6730 · 2023-10-04T13:36:21.000-04:00
diff --git a/Sources/Flows/OAuth2.swift b/Sources/Flows/OAuth2.swift
@@ -98,7 +98,7 @@ open class OAuth2: OAuth2Base {
 	
 	- parameter params:   Optional key/value pairs to pass during authorization and token refresh
 	- parameter callback: The callback to call when authorization finishes (parameters will be non-nil but may be an empty dict), fails or
-	                      is canceled (error will be non-nil, e.g. `.requestCancelled` if auth was aborted)
+						  is canceled (error will be non-nil, e.g. `.requestCancelled` if auth was aborted)
 	*/
 	public final func authorize(params: OAuth2StringDict? = nil, callback: @escaping ((OAuth2JSON?, OAuth2Error?) -> Void)) {
 		if isAuthorizing {
@@ -142,7 +142,7 @@ open class OAuth2: OAuth2Base {
 	- parameter from:     The context to start authorization from, depends on platform (UIViewController or NSWindow, see `authorizeContext`)
 	- parameter params:   Optional key/value pairs to pass during authorization
 	- parameter callback: The callback to call when authorization finishes (parameters will be non-nil but may be an empty dict), fails or
-	                      is canceled (error will be non-nil, e.g. `.requestCancelled` if auth was aborted)
+						  is canceled (error will be non-nil, e.g. `.requestCancelled` if auth was aborted)
 	*/
 	open func authorizeEmbedded(from context: AnyObject, params: OAuth2StringDict? = nil, callback: @escaping ((_ authParameters: OAuth2JSON?, _ error: OAuth2Error?) -> Void)) {
 		if isAuthorizing {		// `authorize()` will check this, but we want to exit before changing `authConfig`
@@ -181,7 +181,7 @@ open class OAuth2: OAuth2Base {
 	
 	- parameter params:   Optional key/value pairs to pass during authorization
 	- parameter callback: The callback to call once the client knows whether it has an access token or not; if `success` is true an
-	                      access token is present
+						  access token is present
 	*/
 	open func tryToObtainAccessTokenIfNeeded(params: OAuth2StringDict? = nil, callback: @escaping ((OAuth2JSON?, OAuth2Error?) -> Void)) {
 		if hasUnexpiredAccessToken() {
@@ -268,7 +268,7 @@ open class OAuth2: OAuth2Base {
 	Method that creates the OAuth2AuthRequest instance used to create the authorize URL
 	
 	- parameter redirect: The redirect URI string to supply. If it is nil, the first value of the settings' `redirect_uris` entries is
-	                      used. Must be present in the end!
+						  used. Must be present in the end!
 	- parameter scope:    The scope to request
 	- parameter params:   Any additional parameters as dictionary with string keys and values that will be added to the query part
 	- returns:            OAuth2AuthRequest to be used to call to the authorize endpoint
@@ -318,7 +318,7 @@ open class OAuth2: OAuth2Base {
 	Convenience method to be overridden by and used from subclasses.
 	
 	- parameter redirect: The redirect URI string to supply. If it is nil, the first value of the settings' `redirect_uris` entries is
-	                      used. Must be present in the end!
+						  used. Must be present in the end!
 	- parameter scope:    The scope to request
 	- parameter params:   Any additional parameters as dictionary with string keys and values that will be added to the query part
 	- returns:            NSURL to be used to start the OAuth dance
@@ -391,6 +391,9 @@ open class OAuth2: OAuth2Base {
 					callback(json, nil)
 				}
 				catch let error {
+					// Fixes [Issue #367](https://github.com/p2/OAuth2/issues/367)
+					// Refresh token needs to be cleared out upon error, otherwise re-authorizing will not ocurr because the library thinks it has a valid refresh token and tries to fetch a new access token with an expired refresh token.
+					self.clientConfig.refreshToken = nil
 					self.logger?.debug("OAuth2", msg: "Error refreshing access token: \(error)")
 					callback(nil, error.asOAuth2Error)
 				}
@@ -412,7 +415,7 @@ open class OAuth2: OAuth2Base {
 	If both are nil, instantiates a blank `OAuth2DynReg` instead, then attempts client registration.
 	
 	- parameter callback: The callback to call on the main thread; if both json and error is nil no registration was attempted; error is nil
-	                      on success
+						  on success
 	*/
 	public func registerClientIfNeeded(callback: @escaping ((OAuth2JSON?, OAuth2Error?) -> Void)) {
 		if nil != clientId || !type(of: self).clientIdMandatory {
