Merge branch 'development' into release-4.2.0

Author: jankapunkt

.github/workflows/tests-release.yml

@@ -57,7 +57,7 @@ jobs:
           ${{ runner.os }}-node-${{ matrix.node }}
 
     # for this workflow we also require npm audit to pass
-    - run: npm ci
+    - run: npm i
     - run: npm run test:coverage
 
     # with the following action we enforce PRs to have a high coverage
@@ -110,7 +110,7 @@ jobs:
     # we just cloned and install it as local dependency
     - run: |
         cd github/testing/express
-        npm ci
+        npm i
         npm install ../../../
         npm run test
 
@@ -125,7 +125,7 @@ jobs:
         with:
           node-version: 12
           registry-url: https://registry.npmjs.org/
-      - run: npm ci
+      - run: npm i
       - run: npm publish --dry-run
         env:
           NODE_AUTH_TOKEN: ${{secrets.npm_token}}
@@ -143,7 +143,7 @@ jobs:
         # we always publish targeting the lowest supported node version
         node-version: 12
         registry-url: $registry-url(npm)
-    - run: npm ci
+    - run: npm i
     - run: npm publish --dry-run
       env:
         NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/tests.yml

@@ -35,7 +35,7 @@ jobs:
         key: ${{ runner.os }}-node-${{ matrix.node }}-${{ hashFiles('**/package-lock.json') }}
         restore-keys: |
           ${{ runner.os }}-node-${{ matrix.node }}
-    - run: npm ci
+    - run: npm i
     - run: npm run test:coverage
 
     # with the following action we enforce PRs to have a high coverage

.gitignore

@@ -39,3 +39,6 @@ tramp
 # coverage
 coverage
 .nyc_output
+
+package-lock.json
+yarn.lock

.npmignore

@@ -1 +1,3 @@
 test/
+package-lock.json
+yarn.lock

.npmrc

@@ -0,0 +1 @@
+package-lock=false

lib/grant-types/refresh-token-grant-type.js

@@ -101,7 +101,7 @@ RefreshTokenGrantType.prototype.getRefreshToken = function(request, client) {
       }
 
       if (token.client.id !== client.id) {
-        throw new InvalidGrantError('Invalid grant: refresh token is invalid');
+        throw new InvalidGrantError('Invalid grant: refresh token was issued to another client');
       }
 
       if (token.refreshTokenExpiresAt && !(token.refreshTokenExpiresAt instanceof Date)) {
@@ -130,7 +130,7 @@ RefreshTokenGrantType.prototype.revokeToken = function(token) {
   return promisify(this.model.revokeToken, 1).call(this.model, token)
     .then(function(status) {
       if (!status) {
-        throw new InvalidGrantError('Invalid grant: refresh token is invalid');
+        throw new InvalidGrantError('Invalid grant: refresh token is invalid or could not be revoked');
       }
 
       return token;