From 55ea58d201eb3677ddd860b882af6019c8250615 Mon Sep 17 00:00:00 2001 From: Vivek Shankar Date: Sat, 15 Jul 2023 09:47:28 +0800 Subject: [PATCH] fix: [#754] Set the ID of the original requester early in the refresh_flow handler --- handler/oauth2/flow_refresh.go | 1 + 1 file changed, 1 insertion(+) diff --git a/handler/oauth2/flow_refresh.go b/handler/oauth2/flow_refresh.go index 02c50493f..c3c5788ec 100644 --- a/handler/oauth2/flow_refresh.go +++ b/handler/oauth2/flow_refresh.go @@ -77,6 +77,7 @@ func (c *RefreshTokenGrantHandler) HandleTokenEndpointRequest(ctx context.Contex return errorsx.WithStack(fosite.ErrInvalidGrant.WithHint("The OAuth 2.0 Client ID from this request does not match the ID during the initial token issuance.")) } + request.SetID(originalRequest.GetID()) request.SetSession(originalRequest.GetSession().Clone()) request.SetRequestedScopes(originalRequest.GetRequestedScopes()) request.SetRequestedAudience(originalRequest.GetRequestedAudience())