From 323425aa30440f8a3577cc871f352d304139a4dc Mon Sep 17 00:00:00 2001
From: Livio Spring
Date: Thu, 4 Apr 2024 17:58:40 +0200
Subject: [PATCH] fix(oidc): correctly return new refresh token on refresh token grant (#7707)
* fix(oidc): correctly return new refresh token on refresh token grant
* fix import
(cherry picked from commit 29ad51b0e3d8bc83e497e553fad60cb9a667bb30)
---
 internal/api/oidc/token_exchange_integration_test.go | 7 ++++---
 internal/command/user_human_refresh_token.go | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/internal/api/oidc/token_exchange_integration_test.go b/internal/api/oidc/token_exchange_integration_test.go
index 54ad8808d2..e1fb8fad07 100644
--- a/internal/api/oidc/token_exchange_integration_test.go
+++ b/internal/api/oidc/token_exchange_integration_test.go
@@ -15,14 +15,14 @@ import (
 "github.com/zitadel/oidc/v3/pkg/client/tokenexchange"
 "github.com/zitadel/oidc/v3/pkg/crypto"
 "github.com/zitadel/oidc/v3/pkg/oidc"
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
+ "google.golang.org/protobuf/proto"
 oidc_api "github.com/zitadel/zitadel/internal/api/oidc"
 "github.com/zitadel/zitadel/internal/integration"
 "github.com/zitadel/zitadel/pkg/grpc/admin"
 feature "github.com/zitadel/zitadel/pkg/grpc/feature/v2beta"
- "google.golang.org/grpc/codes"
- "google.golang.org/grpc/status"
- "google.golang.org/protobuf/proto"
 )
 func setTokenExchangeFeature(t *testing.T, value bool) {
@@ -107,6 +107,7 @@ func refreshTokenVerifier(ctx context.Context, provider rp.RelyingParty, subject
 require.NotNil(t, tokens.IDTokenClaims.Actor)
 assert.Equal(t, actorSubject, tokens.IDTokenClaims.Actor.Subject)
 }
+ assert.NotEmpty(t, tokens.RefreshToken)
 }
 }
diff --git a/internal/command/user_human_refresh_token.go b/internal/command/user_human_refresh_token.go
index 61ec2da7bd..76f5847168 100644
--- a/internal/command/user_human_refresh_token.go
+++ b/internal/command/user_human_refresh_token.go
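Review bot: The added `assert.NotEmpty(t, tokens.RefreshToken)` at the end of the verifier closure in token_exchange_integration_test.go only proves that some refresh token came back, so a regression that returns a stale or otherwise unusable value would still pass. Since the fix is about handing back the renewed token, consider also asserting that the returned value differs from the one that was presented, e.g. `assert.NotEqual(t, presentedRefreshToken, tokens.RefreshToken)`, assuming every grant issues a new value. `presentedRefreshToken` is a placeholder name, as the presented token is not visible in this hunk. A stronger check still would be to redeem the returned token in a follow-up refresh. The closure and refreshTokenVerifier both start outside the hunk.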
@@ -99,7 +99,7 @@ func (c *Commands) RenewRefreshTokenAndAccessToken(
 if err != nil {
 return nil, "", err
 }
- return accessToken, newRefreshToken, nil
+ return accessToken, renewed.token, nil
 }
 func (c *Commands) RevokeRefreshToken(ctx context.Context, userID, orgID, tokenID string) (*domain.ObjectDetails, error) {
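Review bot: The corrected return in RenewRefreshTokenAndAccessToken carries no comment explaining why `renewed.token` rather than the similarly named `newRefreshToken` is the value the caller needs, which leaves room for the same mix-up to come back. A one-line comment above the return would pin the intent, for example `// renewed.token is the refresh token the client must present on its next grant`. If `newRefreshToken` turns out to be a different representation of the token, renaming it to say so would remove the ambiguity; how it is produced is not visible here. The function body starts outside the hunk.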