fix: (#503) remove refresh token logic (#507)

Remove the existing refresh token upon an unauthorized response from the fetch token endpoint
wpengine · Sep 27, 2021 · aaad74c · aaad74c
1 parent 5f2349d
commit aaad74c
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/packages/core/src/auth/server/middleware.ts b/packages/core/src/auth/server/middleware.ts
@@ -61,6 +61,9 @@ export async function authorizeHandler(
         res.statusCode = result.response.status;
       } else {
         res.statusCode = 401;
+
+        // If the response to the token endpoint is unauthorized, remove the existing refresh token.
+        oauth.setRefreshToken(undefined);
       }
 
       res.end(JSON.stringify(result.result));