use the refresh_token of the previous token in case of being in the grace period of re-using refresh token

ziXet · jleclanche · commit 3e8176a2260f · 2018-11-15T08:04:20.000+02:00
diff --git a/oauth2_provider/oauth2_validators.py b/oauth2_provider/oauth2_validators.py
@@ -530,6 +530,7 @@ def save_bearer_token(self, token, request, *args, **kwargs):
                 else:
                     # make sure that the token data we're returning matches
                     # the existing token
+                    token["refresh_token"] = previous_access_token.refresh_token.token
                     token["access_token"] = previous_access_token.token
                     token["scope"] = previous_access_token.scope
 
