-
-
Notifications
You must be signed in to change notification settings - Fork 355
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refresh token flow handler does not set the original request ID in the handler early enough #754
Open
4 of 6 tasks
Labels
bug
Something is not working.
Comments
vivshankar
added a commit
to vivshankar/fosite
that referenced
this issue
Jul 15, 2023
6 tasks
vivshankar
added a commit
to vivshankar/fosite
that referenced
this issue
Jul 15, 2023
vivshankar
added a commit
to vivshankar/fosite
that referenced
this issue
Jul 15, 2023
This was referenced Jul 15, 2023
vivshankar
added a commit
to vivshankar/fosite
that referenced
this issue
Jul 15, 2023
fix: [ory#754] Requester ID fix
aeneasr
pushed a commit
to vivshankar/fosite
that referenced
this issue
Feb 12, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Preflight checklist
Describe the bug
The requester ID for the Requester used in the refresh token flow should use the same ID as the original requester object. This is currently set just before the
CreateRefreshTokenSession
is called in the "Populate" step.Problems -
Alternatives -
Resolution -
request.SetID(originalRequest.GetID())
before https://github.com/ory/fosite/blob/master/handler/oauth2/flow_refresh.go#L80Reproducing the bug
This is not a bug that can be recreated without adding new handlers that consume the original request ID at specific places, such as at the end of token generation or request validation (
NewAccessRequest
).Relevant log output
Relevant configuration
N/A
Version
N/A
On which operating system are you observing this issue?
macOS
In which environment are you deploying?
Binary
Additional Context
No response
The text was updated successfully, but these errors were encountered: