Browse Source

Merge efa54a419b into 3f010a50af

pull/6360/merge
Alex Smith 3 days ago
committed by GitHub
parent
commit
7862d746d9
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
  1. 4
      src/sso.rs
  2. 18
      src/sso_client.rs

4
src/sso.rs

@ -424,13 +424,13 @@ pub async fn exchange_refresh_token(
Some(TokenWrapper::Refresh(refresh_token)) => {
// Use new refresh_token if returned
let (new_refresh_token, access_token, expires_in) =
Client::exchange_refresh_token(refresh_token.clone()).await?;
Client::exchange_refresh_token(refresh_token).await?;
create_auth_tokens(
device,
user,
client_id,
new_refresh_token.or(Some(refresh_token)),
new_refresh_token,
access_token,
expires_in,
)

18
src/sso_client.rs

@ -240,11 +240,19 @@ impl Client {
Ok(token_response) => token_response,
};
Ok((
token_response.refresh_token().map(|token| token.secret().clone()),
token_response.access_token().secret().clone(),
token_response.expires_in(),
))
// Always surface a refresh token:
// - If the IdP (e.g., Authentik) returned a rotated one, use it.
// - Otherwise, keep using the one we just used for this request.
let access = token_response.access_token().secret().clone();
let expires_in = token_response.expires_in();
let new_refresh = token_response
.refresh_token()
.map(|t| t.secret().clone())
.unwrap_or_else(|| rt.secret().clone());
Ok((Some(new_refresh), access, expires_in))
}
}

Loading…
Cancel
Save