Do not try to use an auth code more than once.

Auth codes can only be used once, so clear the code just before performing token exchange to ensure that it is not reused later.

Do not try to use an auth code more than once.
Auth codes can only be used once, so clear the code just before performing token exchange to ensure that it is not reused later.
372bf848 · Robert Knight · 375b5743 · 372bf848
Commit 372bf848 authored Aug 07, 2017 by Robert Knight
Show whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

oauth-auth.js src/sidebar/oauth-auth.js +3 -1

No files found.
--- a/src/sidebar/oauth-auth.js
+++ b/src/sidebar/oauth-auth.js
@@ -241,7 +241,9 @@ function auth($http, $rootScope, $window, flash, localStorage, random, settings)
      } else if (authCode) {
        // Exchange authorization code retrieved from login popup for a new
        // access token.
-        tokenInfoPromise = exchangeAuthCode(authCode).then((tokenInfo) => {
+        var code = authCode;
+        authCode = null; // Auth codes can only be used once.
+        tokenInfoPromise = exchangeAuthCode(code).then((tokenInfo) => {
          saveToken(tokenInfo);
          return tokenInfo;
        });