[oAuth] User profile should be updated every time they are authenticated

[catalinmiron]

I have the following scenario.

Scenario: Auth, revoke and auth again 
    Given I authenticate using dribbble oauth
    And I receive the JWT among with accessToken
    And I can make a request to dribbble using that accessToken
    When I revoke the app from my account
    And login again
    Then I receive the same accessToken
    And the requests to dribbble returns "Bad credentials"
    And I cannot use the same user again within the app

This might be related to https://github.com/feathersjs/feathers-authentication/blob/fca25f2b5b03b773975595ae9ac034199df5127b/src/services/oauth2/index.js#L42-L51 because we're not doing anything if the user exists in the db.

Solution

Probably do a patch to user/ with the new accessToken? or maybe the whole profile because in the meantime, the user can also change his profile pic or name or email and we're not keeping the truth in our db.

Todo

• add an integration test following the above scenario

[ekryski]

Manually tested. I haven't quite figured out how to write an integration test for OAuth because you need to log in to the service and authorize the application.

[corymsmith]

I think the only way you'd want an actual integration for this is if you set up a local OAuth server and did integration tests against that vs. an actual external service.