refreshAccessToken gets new refreshToken

[kevinsherman]

In src/client/resources/tokens.js there is a refreshAccessToken function. The function is intended to use an unexpired refreshToken to refresh an expired accessToken. In the function the parameter 'access_type' is being set to 'offline'. Per the documentation, "Set to offline to receive a refresh token on an authorization_code grant type request. Do not set to offline on a refresh_token grant type request."

My understanding is that this should only be set to offline when requesting the initial tokens (with the 'code' from the redirectURI).

When tested with 'offline' - this it returns both a refresh and access token.
When tested without 'offline' - this ONLY returns an access token (leaving the unexpired refreshToken still valid).

I will put together a PR for this change.

[knicola]

Hello, thank you for taking the time to contribute! This behavior is controlled by the config.accessType setting. Also, though the documentation specifically says not to use offline on a refresh_token request, it is still a valid request, as far as I can tell, and it helps avoid the complexity of deciding when to refresh an access token and when a refresh token since both are refreshed at the same time. Despite that, I'll be happy to move things around if it makes better sense. I'll review the PR hopefully by the eod.

[marknokes]

I've thought about this behavior a little too, but what's really been on my mind lately is this; I've been logging a message inside the "on token" event td.on('token', async token => {} and notice that it can fire many times in a row. Is there some way to refresh the token and wait until it's finished before exiting? If so, subsequent calls to the "is expired" methods would return false, preventing additional calls to refresh.

[knicola]

@marknokes that sounds like a race condition in which case a lock would be a nice thing to have. we'll first need a test to recreate the issue. would you like to give it a go?

[marknokes]

I'm not sure I would know where to start, tbh. I found the refreshAndRetry method, and thought it could perhaps be the culprit. I don't really know how to test it though.