fix(oidc): correctly return new refresh token on refresh token grant (#7707)

* fix(oidc): correctly return new refresh token on refresh token grant * fix import (cherry picked from commit 29ad51b0e3)
2024-12-13 19:44:21 +00:00 · 2024-04-04 17:58:40 +02:00 · 2024-04-04 17:58:40 +02:00 · 323425aa30
commit 323425aa30
parent 7704dd18c6
2 changed files with 5 additions and 4 deletions
--- a/internal/api/oidc/token_exchange_integration_test.go
+++ b/internal/api/oidc/token_exchange_integration_test.go
@ -15,14 +15,14 @@ import (
 	"github.com/zitadel/oidc/v3/pkg/client/tokenexchange"
 	"github.com/zitadel/oidc/v3/pkg/crypto"
 	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/proto"

 	oidc_api "github.com/zitadel/zitadel/internal/api/oidc"
 	"github.com/zitadel/zitadel/internal/integration"
 	"github.com/zitadel/zitadel/pkg/grpc/admin"
 	feature "github.com/zitadel/zitadel/pkg/grpc/feature/v2beta"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-	"google.golang.org/protobuf/proto"
 )

 func setTokenExchangeFeature(t *testing.T, value bool) {
@ -107,6 +107,7 @@ func refreshTokenVerifier(ctx context.Context, provider rp.RelyingParty, subject
 			require.NotNil(t, tokens.IDTokenClaims.Actor)
 			assert.Equal(t, actorSubject, tokens.IDTokenClaims.Actor.Subject)
 		}
+		assert.NotEmpty(t, tokens.RefreshToken)
 	}
 }

--- a/internal/command/user_human_refresh_token.go
+++ b/internal/command/user_human_refresh_token.go
@ -99,7 +99,7 @@ func (c *Commands) RenewRefreshTokenAndAccessToken(
 	if err != nil {
 		return nil, "", err
 	}
-	return accessToken, newRefreshToken, nil
+	return accessToken, renewed.token, nil
 }

 func (c *Commands) RevokeRefreshToken(ctx context.Context, userID, orgID, tokenID string) (*domain.ObjectDetails, error) {