Only revoke token if no or invalid refresh token.

google · Nov 12, 2019 · 20d711b · 20d711b
1 parent 8c10dec
commit 20d711b
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/includes/Core/Authentication/Clients/OAuth_Client.php b/includes/Core/Authentication/Clients/OAuth_Client.php
@@ -237,7 +237,9 @@ function( $cache_key, $access_token ) {
 	public function refresh_token() {
 		$refresh_token = $this->get_refresh_token();
 		if ( empty( $refresh_token ) ) {
+			$this->revoke_token();
 			$this->user_options->set( self::OPTION_ERROR_CODE, 'refresh_token_not_exist' );
+			return;
 		}
 
 		// Stop if google_client not initialized yet.
@@ -257,7 +259,9 @@ public function refresh_token() {
 				$error_code = $e->getMessage();
 			}
 			// Revoke and delete user connection data if the refresh token is invalid or expired.
-			$this->revoke_token();
+			if ( 'invalid_grant' === $error_code ) {
+				$this->revoke_token();
+			}
 			$this->user_options->set( self::OPTION_ERROR_CODE, $error_code );
 			return;
 		}