fix: do not store refresh token, if empty.

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>

internal/oauth2/refresh_test.go

@@ -146,42 +146,40 @@ func TestRefreshReAuth(t *testing.T) {
 					return nil, err
 				}
 
-				if refreshToken != "" {
-					res := httptest.NewRecorder()
-					if !strings.Contains(string(requestBody), refreshToken) {
-						res.WriteHeader(http.StatusUnauthorized)
-					} else {
-						res.WriteHeader(http.StatusOK)
-					}
+				if refreshToken == "" {
+					req.Body = io.NopCloser(bytes.NewReader(requestBody))
+					res, err := rt.RoundTrip(req)
 
-					res.WriteHeader(http.StatusUnauthorized)
-					if _, err := res.WriteString(`{}`); err != nil {
+					var tokenResponse oidc.AccessTokenResponse
+					if err := json.NewDecoder(res.Body).Decode(&tokenResponse); err != nil {
 						return nil, err
 					}
 
-					return res.Result(), nil
-				}
+					refreshToken = tokenResponse.RefreshToken
 
-				req.Body = io.NopCloser(bytes.NewReader(requestBody))
+					var buf bytes.Buffer
 
-				res, err := rt.RoundTrip(req)
+					if err := json.NewEncoder(&buf).Encode(tokenResponse); err != nil {
+						return nil, err
+					}
 
-				var tokenResponse oidc.AccessTokenResponse
-				if err := json.NewDecoder(res.Body).Decode(&tokenResponse); err != nil {
-					return nil, err
-				}
+					res.Body = io.NopCloser(&buf)
 
-				refreshToken = tokenResponse.RefreshToken
+					return res, err
+				}
 
-				var buf bytes.Buffer
+				res := httptest.NewRecorder()
+				if !strings.Contains(string(requestBody), refreshToken) {
+					res.WriteHeader(http.StatusUnauthorized)
+				} else {
+					res.WriteHeader(http.StatusOK)
+				}
 
-				if err := json.NewEncoder(&buf).Encode(tokenResponse); err != nil {
+				if _, err := res.WriteString(`{}`); err != nil {
 					return nil, err
 				}
 
-				res.Body = io.NopCloser(&buf)
-
-				return res, err
+				return res.Result(), nil
 			}),
 		},
 	} {