AuthService.refreshToken send custom value?

[Ben555555]

Is it possible to send a custom value in the request body of AuthService.refreshToken() like this?

userId=08d9e6e1-748e-40c2-87d6-921f9729ad05& refresh_token=... grant_type=refresh_token& client_id=..

[Ben555555]

For now I ended up by extending the AuthService:

export class CustomAuthService extends AuthService implements IAuthService {
    constructor(browser?: Browser, storage?: StorageBackend, requestor?: Requestor) {
        super(browser, storage, requestor);
    }

    protected async requestTokenRefreshWithExtras(extras: StringMap) {
        const _token = await this.token$
            .pipe(take(1))
            .toPromise();

        if (!_token) {
            throw new Error("No Token Defined!");
        }

        let requestJSON: TokenRequestJson = {
            grant_type: GRANT_TYPE_REFRESH_TOKEN,
            refresh_token: _token.refreshToken,
            redirect_uri: this.authConfig.redirect_url,
            client_id: this.authConfig.client_id,
            extras: extras
        };

        let token: TokenResponse = await this.tokenHandler.performTokenRequest(await this.configuration, new TokenRequest(requestJSON));
        await this.storage.setItem(TOKEN_RESPONSE_KEY, JSON.stringify(token.toJson()));
        this.notifyActionListers(AuthActionBuilder.RefreshSuccess(token));
    }

    public async refreshTokenWithExtras(extras: StringMap) {
        await this.requestTokenRefreshWithExtras(extras).catch((response) => {
            this.storage.removeItem(TOKEN_RESPONSE_KEY);
            this.notifyActionListers(AuthActionBuilder.RefreshFailed(response));
        });
    }
}

[mraible]

I wouldn't recommend this. Access and refresh tokens shouldn't contain identity information. In fact, the OAuth spec doesn't even require they be JWTs. They can just be a random string of characters that have no meaning.