Merge pull request #14 from centraldesktop/bugfix/rfc6749-section5.1

tsuyoshizawa · tsuyoshizawa · commit 2988e186d9d0 · 2014-07-09T11:05:49.000+09:00
Add additional cache control headers per RFC 6749 Section 5.1
diff --git a/play2-oauth2-provider/src/main/scala/scalaoauth2/provider/OAuth2Provider.scala b/play2-oauth2-provider/src/main/scala/scalaoauth2/provider/OAuth2Provider.scala
@@ -114,7 +114,7 @@ trait OAuth2Provider extends OAuth2BaseProvider {
     TokenEndpoint.handleRequest(request, dataHandler) match {
       case Left(e) if e.statusCode == 400 => BadRequest(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e))
       case Left(e) if e.statusCode == 401 => Unauthorized(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e))
-      case Right(r) => Ok(Json.toJson(responseAccessToken(r)))
+      case Right(r) => Ok(Json.toJson(responseAccessToken(r))).withHeaders("Cache-Control" -> "no-store", "Pragma" -> "no-cache")
     }
   }
 
@@ -185,7 +185,7 @@ trait OAuth2AsyncProvider extends OAuth2BaseProvider {
     TokenEndpoint.handleRequest(request, dataHandler) match {
       case Left(e) if e.statusCode == 400 => Future.successful(BadRequest(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e)))
       case Left(e) if e.statusCode == 401 => Future.successful(Unauthorized(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e)))
-      case Right(r) => Future.successful(Ok(Json.toJson(responseAccessToken(r))))
+      case Right(r) => Future.successful(Ok(Json.toJson(responseAccessToken(r))).withHeaders("Cache-Control" -> "no-store", "Pragma" -> "no-cache"))
     }
   }
 

Original file line number	Diff line number	Diff line change
`@@ -114,7 +114,7 @@ trait OAuth2Provider extends OAuth2BaseProvider {`
`114`	`114`	`TokenEndpoint.handleRequest(request, dataHandler) match {`
`115`	`115`	`case Left(e) if e.statusCode == 400 => BadRequest(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e))`
`116`	`116`	`case Left(e) if e.statusCode == 401 => Unauthorized(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e))`
`117`		`- case Right(r) => Ok(Json.toJson(responseAccessToken(r)))`
	`117`	`+ case Right(r) => Ok(Json.toJson(responseAccessToken(r))).withHeaders("Cache-Control" -> "no-store", "Pragma" -> "no-cache")`
`118`	`118`	`}`
`119`	`119`	`}`
`120`	`120`
`@@ -185,7 +185,7 @@ trait OAuth2AsyncProvider extends OAuth2BaseProvider {`
`185`	`185`	`TokenEndpoint.handleRequest(request, dataHandler) match {`
`186`	`186`	`case Left(e) if e.statusCode == 400 => Future.successful(BadRequest(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e)))`
`187`	`187`	`case Left(e) if e.statusCode == 401 => Future.successful(Unauthorized(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e)))`
`188`		`- case Right(r) => Future.successful(Ok(Json.toJson(responseAccessToken(r))))`
	`188`	`+ case Right(r) => Future.successful(Ok(Json.toJson(responseAccessToken(r))).withHeaders("Cache-Control" -> "no-store", "Pragma" -> "no-cache"))`
`189`	`189`	`}`
`190`	`190`	`}`
`191`	`191`