Subject: | LWP::Authen::OAuth2::ServiceProvider::collect_action_params() erases defaults in non-strict mode |
Date: | Thu, 20 Nov 2014 22:05:19 -0500 |
To: | bug-LWP-Authen-OAuth2 [...] rt.cpan.org |
From: | Jonathan Pyle <jhpyle [...] gmail.com> |
In LWP::Authen::OAuth2::ServiceProvider::collect_action_params(), if
is_strict is false, defaults get overwritten.
I wasn't able to use refresh tokens with Google when is_strict was false,
but it worked fine when is_strict was true. The refresh attempt failed
because no grant_type was being submitted in the post_to_token_endpoint
request.
In collect_action_params(), the original %$default may contain a key with a
definition, but then any required or optional parameters that are not
defined in oauth2_args will generate a key with an undefined value, which
will overwrite the value in %$default and cause the keys to be deleted from
the result hash.
Maybe this is intentional, but I got the sense from the documentation of
is_strict that using is_strict = false would not overwrite a default
defined in the code.