Merge changes with master

Author: jonathansamines

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 5.1.0
+
+### Fixes
+- [#434](https://github.com/lelylan/simple-oauth2/pull/434) Preserve existing refresh token when refreshed token doesn't contain a new refresh token
+
 ## 5.0.1
 
 ### Fixes

lib/access-token.js

@@ -48,6 +48,9 @@ module.exports = class AccessToken {
     const parameters = GrantTypeParams.forGrantType(REFRESH_TOKEN_PROPERTY_NAME, this.#config.options, refreshParams);
     const response = await this.#client.request(this.#config.auth.refreshPath, parameters.toObject(), httpOptions);
 
+    if (response[REFRESH_TOKEN_PROPERTY_NAME] === undefined) {
+      response.refresh_token = this.refresh_token;
+    }
     return new AccessToken(this.#config, this.#client, response);
   }
 

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "simple-oauth2",
-  "version": "5.0.1",
+  "version": "5.1.0",
   "support": true,
   "description": "Node.js client for OAuth2",
   "author": "Andrea Reginato <[email protected]>",

package.json

@@ -88,6 +88,14 @@ function createAuthorizationServer(authorizationServerUrl) {
       });
   }
 
+  function tokenSuccessWithoutRefreshToken(scopeOptions, params) {
+    return nock(authorizationServerUrl, scopeOptions)
+      .post('/oauth/token', params)
+      .reply(200, { ...accessToken, refresh_token: undefined }, {
+        'Content-Type': 'application/json',
+      });
+  }
+
   return {
     tokenError,
     tokenAuthorizationError,
@@ -98,6 +106,7 @@ function createAuthorizationServer(authorizationServerUrl) {
     tokenSuccessWithNonJSONContent,
     tokenSuccessWithCustomPath,
     tokenSuccess,
+    tokenSuccessWithoutRefreshToken,
   };
 }
 

test/_authorization-server-mock.js

@@ -271,3 +271,27 @@ test.serial('@refresh => creates a new access token with custom (inline) http op
   scope.done();
   t.true(has(refreshAccessToken.token, 'access_token'));
 });
+
+test.serial('@refresh => creates a new access token with keeping the old refresh token if refresh did not provide a new refresh token', async (t) => {
+  const config = createModuleConfig();
+
+  const accessTokenResponse = chance.accessToken({
+    expireMode: 'expires_in',
+  });
+
+  const client = new Client(config);
+
+  const refreshParams = {
+    grant_type: 'refresh_token',
+    refresh_token: accessTokenResponse.refresh_token,
+  };
+
+  const server = createAuthorizationServer('https://authorization-server.org:443');
+  const scope = server.tokenSuccessWithoutRefreshToken(scopeOptions, refreshParams);
+
+  const accessToken = new AccessToken(config, client, accessTokenResponse);
+  const refreshAccessToken = await accessToken.refresh();
+
+  scope.done();
+  t.true(has(refreshAccessToken.token, 'refresh_token'));
+});