-
Sean Hammond authored
This fixes an issue that, when the client is embedded on a partner site using third-party auth: 1. The client reads grant token that the client embeds in their page from the page 2. The oauth-auth service sends a grant token request, receives back an access token which it caches 3. session.js calls oauth-auth's clearCache(), which deletes the access token 4. The next time the access token is needed the oauth-auth sends a second grant token request, with the same grant token, and gets a second access token So two grant token requests are sent, when only one was needed, because the cached access token is deleted unnecessarily. The fix is to make clearCache() in oauth-auth a no-op for now. For now it never makes sense for oauth-auth to clear its cached access token. OAuth is currently only used when the client is embedded in partner sites and the grant token is embedded in the page by the client. Since the grant token never changes, there's never any reason to clear the access token and request a new one using the same grant token again (you would just be requesting a new access token for the same user account).
0e229735
Name |
Last commit
|
Last update |
---|---|---|
.github | ||
docs | ||
images | ||
scripts | ||
src | ||
.eslintignore | ||
.eslintrc | ||
.gitignore | ||
.npmignore | ||
.npmrc | ||
.travis.yml | ||
CHANGELOG.md | ||
CODE_OF_CONDUCT | ||
Jenkinsfile | ||
LICENSE | ||
Makefile | ||
README.md | ||
gulpfile.js | ||
npm-shrinkwrap.json | ||
package.json |