Don’t forget refresh tokens in data loader

p2 · p2 · commit 840d6eac9d3e · 2017-02-21T15:26:07.000+01:00
Only throw away access token, let `OAuth2` base class throw away refresh token if it’s rejected. Concerns #184 .
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@ You can also refer to commit logs to get details on what was implemented, fixed
 ### x.x.x
 
 - Allow more UI customization via `authConfig.UI` and making `OAuth2Authorizer` friendlier to subclassing
+- Implement custom authorization UIs for password grants (thanks @amaurydavid !)
 - Optionally allow `DataLoader` to follow 302 redirects automatically (on same host)
 
 
diff --git a/Sources/DataLoader/OAuth2DataLoader.swift b/Sources/DataLoader/OAuth2DataLoader.swift
@@ -125,6 +125,7 @@ open class OAuth2DataLoader: OAuth2Requestable {
 			catch OAuth2Error.unauthorizedClient {
 				if retry {
 					self.enqueue(request: request, callback: callback)
+					self.oauth2.clientConfig.accessToken = nil
 					self.attemptToAuthorize() { json, error in
 						
 						// dequeue all if we're authorized, throw all away if something went wrong
@@ -159,7 +160,6 @@ open class OAuth2DataLoader: OAuth2Requestable {
 	open func attemptToAuthorize(callback: @escaping ((OAuth2JSON?, OAuth2Error?) -> Void)) {
 		if !isAuthorizing {
 			isAuthorizing = true
-			oauth2.forgetTokens()
 			oauth2.authorize() { authParams, error in
 				self.isAuthorizing = false
 				callback(authParams, error)
diff --git a/Sources/Flows/OAuth2.swift b/Sources/Flows/OAuth2.swift
@@ -342,6 +342,8 @@ open class OAuth2: OAuth2Base {
 	/**
 	If there is a refresh token, use it to receive a fresh access token.
 	
+	If the request returns an error, the refresh token is thrown away.
+	
 	- parameter params:   Optional key/value pairs to pass during token refresh
 	- parameter callback: The callback to call after the refresh token exchange has finished
 	*/
@@ -355,6 +357,7 @@ open class OAuth2: OAuth2Base {
 					let data = try response.responseData()
 					let json = try self.parseRefreshTokenResponseData(data)
 					if response.response.statusCode >= 400 {
+						self.clientConfig.refreshToken = nil
 						throw OAuth2Error.generic("Failed with status \(response.response.statusCode)")
 					}
 					self.logger?.debug("OAuth2", msg: "Did use refresh token for access token [\(nil != self.clientConfig.accessToken)]")
