Merge pull request #1648 from matthewheath/add-custom-access-token-at…

…tributes-to-refresh-token Add custom token attributes to Refresh Token Request
doorkeeper-gem · Mar 23, 2023 · f749791 · f749791
2 parents 313af27 + ae4670f
commit f749791
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@ User-visible changes worth mentioning.
 ## main
 
 - [#ID] Add your PR description here.
+- [#1648] Add custom token attributes to Refresh Token Request
 - [#1644] Update HTTP headers.
 
 # 5.6.5

diff --git a/lib/doorkeeper/oauth/refresh_token_request.rb b/lib/doorkeeper/oauth/refresh_token_request.rb
@@ -49,7 +49,7 @@ def default_scopes
       end
 
       def create_access_token
-        attributes = {}
+        attributes = {}.merge(custom_token_attributes_with_data)
 
         resource_owner =
           if Doorkeeper.config.polymorphic_resource_owner?
@@ -119,6 +119,14 @@ def validate_scope
           true
         end
       end
+
+      def custom_token_attributes_with_data
+        refresh_token
+        .attributes
+        .with_indifferent_access
+        .slice(*Doorkeeper.config.custom_access_token_attributes)
+        .symbolize_keys
+      end
     end
   end
 end
diff --git a/spec/requests/flows/refresh_token_spec.rb b/spec/requests/flows/refresh_token_spec.rb
@@ -246,6 +246,33 @@
       end
     end
 
+    context "when custom_access_token_attributes are configured" do
+      before do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          custom_access_token_attributes [:tenant_name]
+        end
+
+        @token = FactoryBot.create(
+          :access_token,
+          application: @client,
+          resource_owner_id: resource_owner.id,
+          resource_owner_type: resource_owner.class.name,
+          use_refresh_token: true,
+          tenant_name: "Tenant 1",
+        )
+      end
+
+      it "copies custom attributes from the previous token into the new token" do
+        post refresh_token_endpoint_url(
+          client: @client, refresh_token: @token.refresh_token,
+        )
+
+        new_token = Doorkeeper::AccessToken.last
+        expect(new_token.tenant_name).to eq("Tenant 1")
+      end
+    end
+
     def last_token
       Doorkeeper::AccessToken.last_authorized_token_for(
         @client.id, resource_owner,