1
71%
master: 71%

Ran 09 May 2020 11:14AM UTC

Files 97

Run time 6s

Badge

Embed ▾

Committed 09 May 2020 11:12AM UTC coverage: 71.447% (+0.05%) from 71.399%

Job # 1518.1

Build Type

push

travis-ci

Committed by

web-flow

Commit Message

fix: do not issue refresh tokens to clients who cannot use it (#430)

No prior discussion, but this is somewhat related to #370, which makes it possible for clients to be issued a refresh token without requesting a scope.

There may be clients which may not be allowed to use the refresh_token grant type, but which will currently be issued a refresh token during the authorization code flow. Disallowing the refresh_token grant type might be particularly common when there are public clients (using this flow with PKCE).

It is impossible to use the issued refresh token when the client does not have the grant type, and no other client can use it either. It would be neater to avoid issuing refresh tokens that cannot be used.

Run Details

3841 of 5376 relevant lines covered (71.45%)

71.41 hits per line

ory / fosite / 1518 / 1
71%
master: 71%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 1518.1

ory / fosite / 1518 / 1 71% master: 71%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 1518.1

ory / fosite / 1518 / 1
71%
master: 71%

README BADGES
x