summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGaming4JC <g4jc@hyperbola.info>2019-12-30 10:20:58 -0500
committerGaming4JC <g4jc@hyperbola.info>2019-12-30 20:29:26 -0500
commitfd9d39ac9756a65e3c844dafb03724e53884ce6b (patch)
tree6c9da33741905801dfae1be20f867da81503879d
parentf532cec9768595ecea79714788515190d3c16f2d (diff)
downloaduxp-fd9d39ac9756a65e3c844dafb03724e53884ce6b.tar.gz
Bug 1597933 - don't pass string constants to determine OAuth refresh token or not.
-rw-r--r--mailnews/base/util/OAuth2.jsm26
1 files changed, 16 insertions, 10 deletions
diff --git a/mailnews/base/util/OAuth2.jsm b/mailnews/base/util/OAuth2.jsm
index 8feee0e944..037333abc4 100644
--- a/mailnews/base/util/OAuth2.jsm
+++ b/mailnews/base/util/OAuth2.jsm
@@ -29,9 +29,6 @@ function OAuth2(aBaseURI, aScope, aAppKey, aAppSecret) {
this.log = Log4Moz.getConfiguredLogger("TBOAuth");
}
-OAuth2.CODE_AUTHORIZATION = "authorization_code";
-OAuth2.CODE_REFRESH = "refresh_token";
-
OAuth2.prototype = {
consumerKey: null,
consumerSecret: null,
@@ -53,7 +50,7 @@ OAuth2.prototype = {
if (!aRefresh && this.accessToken) {
aSuccess();
} else if (this.refreshToken) {
- this.requestAccessToken(this.refreshToken, OAuth2.CODE_REFRESH);
+ this.requestAccessToken(this.refreshToken, true);
} else {
if (!aWithUI) {
aFailure('{ "error": "auth_noui" }');
@@ -165,7 +162,7 @@ OAuth2.prototype = {
this.log.info("OAuth2 authorization received: url=" + aURL);
let params = new URLSearchParams(aURL.split("?", 2)[1]);
if (params.has("code")) {
- this.requestAccessToken(params.get("code"), OAuth2.CODE_AUTHORIZATION);
+ this.requestAccessToken(params.get("code"), false);
} else {
this.onAuthorizationFailed(null, aURL);
}
@@ -175,18 +172,27 @@ OAuth2.prototype = {
this.connectFailureCallback(aData);
},
- requestAccessToken: function requestAccessToken(aCode, aType) {
+ /**
+ * Request a new access token, or refresh an existing one.
+ * @param {string} aCode - The token issued to the client.
+ * @param {boolean} aRefresh - Whether it's a refresh of a token or not.
+ */
+ requestAccessToken(aCode, aRefresh) {
+ // @see RFC 6749 section 4.1.3. Access Token Request
+ // @see RFC 6749 section 6. Refreshing an Access Token
+
let params = [
["client_id", this.consumerKey],
["client_secret", this.consumerSecret],
- ["grant_type", aType],
];
- if (aType == OAuth2.CODE_AUTHORIZATION) {
+ if (aRefresh) {
+ params.push(["grant_type", "refresh_token"]);
+ params.push(["refresh_token", aCode]);
+ } else {
+ params.push(["grant_type", "authorization_code"]);
params.push(["code", aCode]);
params.push(["redirect_uri", this.completionURI]);
- } else if (aType == OAuth2.CODE_REFRESH) {
- params.push(["refresh_token", aCode]);
}
let options = {