note the need for limitations on refresh token

2017-03-16 17:23:19 -04:00 · 2017-03-16 17:23:19 -04:00 · 02bb01fdf4
commit 02bb01fdf4
parent 356a2d3131
1 changed files with 11 additions and 0 deletions
--- a/oauth3.issuer.js
+++ b/oauth3.issuer.js
@ -420,6 +420,17 @@ OAUTH3.authz.redirectWithToken = function (providerUri, session, clientParams, s
    , debug: clientParams.debug
    }).then(function (results) {

+      // TODO limit refresh token to an expirable token
+      // TODO inform client not to persist token
+      /*
+      if (clientParams.dnsTxt) {
+        Object.keys(results).forEach(function (key) {
+          if (/refresh/.test(key)) {
+            results[key] = undefined;
+          }
+        });
+      }
+      */
      OAUTH3.url.redirect(clientParams, scopes, results);
    });
  }