refresh_token-Field is empty using Gitlab-Authentification
Steps to reproduce
- use Mattermost as OAuth2-Server and configure its authentification to Gitlab
- obtain OAuth token object
Observed with Mattermost 3.6.2 / Gitlab 8.17.3
- the token object contains both filled values: “access_token” and “refresh_token”
- only “access_token” is filled
- “sometimes” the refresh_token is filled, but I could not figure out under what circumstances it happens
Could you try updating to the latest version of Mattermost (version 3.7.3) and see if the issue still reproduces for you?
With 3.7.3 I still can reproduce it.
When does the Mattermost-Application decide to send a refresh_token, and when not do it?
As I already wrote: infrequently I get a token with “refresh_token”-field filled. So I suppose, that it generally works, but maybe I am using it the worng way?
Thanks for the feedback @wojtus, I’ll ask for help on your question from our devs and get back to you…
I would be interested in the solution of this issue too, @lindy65, did your devs respond already?
Not yet - sorry, we’re quite busy with our current release due out on Monday, 17th. I’ll remind them as soon as they have a chance to have a look at this issue
Thanks for your patience…
Looks like there is a bug where we’re only returning a refresh token if the grant type is “authorization_code” and the client does not have an active token with the specific user.
I’ve created a ticket here https://mattermost.atlassian.net/browse/PLT-6357 to fix the issue. Sorry for the inconvenience
Pull request to fix the issue (and some others) is here: https://github.com/mattermost/platform/pull/6181
It will be included with the 3.9 release next month.