This repository has been archived by the owner on Feb 12, 2025. It is now read-only.

Fix refreshing a refresh token from authorization code. (#282)
When refreshing a token obtained via a web app the client_secret field
must be set in the request body.
jhendrixMSFT authored May 31, 2018
1 parent 99e5f30 commit 4de44cd
Showing 4 changed files with 30 additions and 2 deletions.
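--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # CHANGELOG
 
+## v10.9.2
+
+### Bug Fixes
+
+- Refreshing a refresh token obtained from a web app authorization code now works.
+
 ## v10.9.1
 
 ### Bug Fixes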
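--- a/autorest/adal/token.go
+++ b/autorest/adal/token.go
@@ -629,6 +629,14 @@ func (spt *ServicePrincipalToken) refreshInternal(ctx context.Context, resource
 if spt.token.RefreshToken != "" {
 v.Set("grant_type", OAuthGrantTypeRefreshToken)
 v.Set("refresh_token", spt.token.RefreshToken)
+// web apps must specify client_secret when refreshing tokens
+// see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-code#refreshing-the-access-tokens
+if spt.getGrantType() == OAuthGrantTypeAuthorizationCode {
+err := spt.secret.SetAuthenticationValues(spt, &v)
+if err != nil {
+return err
+}
+}
 } else {
 v.Set("grant_type", spt.getGrantType())
 err := spt.secret.SetAuthenticationValues(spt, &v)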
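Review bot: In the refresh branch, the added `spt.secret.SetAuthenticationValues(spt, &v)` call appears to put more than `client_secret` into the refresh request: the new test in token_test.go expects `code` and `redirect_uri` next to `grant_type=refresh_token`, so the already-redeemed authorization code would be re-sent on every refresh. The comment cites the documentation only for `client_secret`, so if the helper cannot be narrowed, a comment such as `// SetAuthenticationValues also adds code and redirect_uri; only client_secret is required for a refresh` would record that this is deliberate. Anything that logs or traces this request body should treat all of these fields as credentials. The body of SetAuthenticationValues is not visible here, so this is inferred from the test assertions; refreshInternal starts before and continues past this hunk.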
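--- a/autorest/adal/token_test.go
+++ b/autorest/adal/token_test.go
@@ -354,6 +354,19 @@ func TestServicePrincipalTokenAuthorizationCodeRefreshSetsBody(t *testing.T) {
 t.Fatalf("adal: ServicePrincipalTokenAuthorizationCode#Refresh did not correctly set the HTTP Request Body.")
 }
 })
+testServicePrincipalTokenRefreshSetsBody(t, spt, func(t *testing.T, b []byte) {
+body := string(b)
+
+values, _ := url.ParseQuery(body)
+if values["client_id"][0] != "id" ||
+values["grant_type"][0] != OAuthGrantTypeRefreshToken ||
+values["code"][0] != "code" ||
+values["client_secret"][0] != "clientSecret" ||
+values["redirect_uri"][0] != "http://redirectUri/getToken" ||
+values["resource"][0] != "resource" {
+t.Fatalf("adal: ServicePrincipalTokenAuthorizationCode#Refresh did not correctly set the HTTP Request Body.")
+}
+})
 }
 
 func TestServicePrincipalTokenSecretRefreshSetsBody(t *testing.T) {
@@ -688,7 +701,8 @@ func newTokenJSON(expiresOn string, resource string) string {
 "expires_on" : "%s",
 "not_before" : "%s",
 "resource" : "%s",
-"token_type" : "Bearer"
+"token_type" : "Bearer",
+"refresh_token": "ABC123"
 }`,
 expiresOn, expiresOn, resource)
 }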
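Review bot: The new assertions index the parsed form directly (`values["client_secret"][0]`) and discard the `url.ParseQuery` error, so a missing field panics with an index-out-of-range instead of failing with the test's own message. `values.Get("client_secret") != "clientSecret"` yields an empty string for an absent key, and `values, err := url.ParseQuery(body)` followed by a `t.Fatal` on error would cover a malformed body. The second callback seems to reach the refresh-token branch only because newTokenJSON now returns `refresh_token` in the first response; a one-line comment above the second call saying so would make that dependency visible.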
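--- a/autorest/version.go
+++ b/autorest/version.go
@@ -16,5 +16,5 @@ package autorest
 
 // Version returns the semantic version (see http://semver.org).
 func Version() string {
-return "v10.9.1"
+return "v10.9.2"
 }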
