IdentityServer
RefreshToken store fix
At this point we cannot accept PRs for new features, only bugfixes. Thanks!
What issue does this PR address? Upon "grant_type" of "refresh_token", newly generated refresh token was being save with OLD access token. This PR fix this issue and now it will store new access token with new refresh token
Does this PR introduce a breaking change? No
Please check if the PR fulfills these requirements
- [ Yes] The commit follows our guidelines
- [x] Unit Tests for the changes have been added (for bug fixes / features) Verified Other information:
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Questions are community supported only and the authors/maintainers may or may not have time to reply. If you or your company would like commercial support, please see here for more information.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}
I was writing custom persistence for IdentityServer4. During unit tests, I faced an issue 1- Generated Access Token(reference type) + Refresh Token. 2- Used jti and a custom field to relate(CorrelationId) access token with its refresh token. This is to track tokens chain 3- When Access token got expired, generated new access token from refresh token flow 4- Now I received both Access Token and the new Refresh token 5- Now here is the problem, the newly generated refresh token was being saved with older/expired access token. Ideally, it should "persist" new refresh token with new Access token, generated in step 4.
To fix this issue, I am passing new Access Token as parameter to refresh token service so it can update and persist the correct pair of tokens. Also sets its default value in paramter so it doesn't break other flows.
Had the same problem when using JwtId as cache identifier for a blacklist of access tokens. Can anyone merge this? It's not a new feature only a bug fix.
