Fix #960 The bot refresh token is overriden with the user refresh token in OAuthV2DefaultSuccessHandler.java (#961)

seratch · web-flow · commit d4d815612936 · 2022-04-07T08:56:59.000+09:00
diff --git a/bolt/src/main/java/com/slack/api/bolt/service/builtin/oauth/default_impl/OAuthV2DefaultSuccessHandler.java b/bolt/src/main/java/com/slack/api/bolt/service/builtin/oauth/default_impl/OAuthV2DefaultSuccessHandler.java
@@ -75,11 +75,13 @@ public Response handle(OAuthCallbackRequest request, Response response, OAuthV2A
         if (o.getAuthedUser() != null) {
             // we can assume authed_user should exist but just in case
             i = i.installerUserId(o.getAuthedUser().getId())
+                    // These properties can exist only when a user token is requested
                     .installerUserAccessToken(o.getAuthedUser().getAccessToken())
-                    .botRefreshToken(o.getAuthedUser().getRefreshToken())
-                    .botTokenExpiresAt(o.getAuthedUser().getExpiresIn() == null ?
-                            null : System.currentTimeMillis() + (o.getAuthedUser().getExpiresIn() * 1000))
-                    .installerUserScope(o.getAuthedUser().getScope());
+                    .installerUserScope(o.getAuthedUser().getScope())
+                    // These token-rotation-related properties can be absent
+                    .installerUserRefreshToken(o.getAuthedUser().getRefreshToken())
+                    .installerUserTokenExpiresAt(o.getAuthedUser().getExpiresIn() == null ?
+                            null : System.currentTimeMillis() + (o.getAuthedUser().getExpiresIn() * 1000));
         }
 
         if (o.getBotUserId() != null) {
