From 8c364c0292e64254f7c8777f61fbb1ea2cc83957 Mon Sep 17 00:00:00 2001
From: Peter Viszt
Date: Wed, 24 Aug 2016 22:16:48 +0200
Subject: [PATCH 1/4] postLoginHandler for OAuth2 Password Grant
---
 lib/controllers/get-token.js | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/controllers/get-token.js b/lib/controllers/get-token.js
index 490b5f02..33479752 100644
--- a/lib/controllers/get-token.js
+++ b/lib/controllers/get-token.js
@@ -19,6 +19,7 @@ module.exports = function (req, res) {
 var grantType = req.body.grant_type;
 var isPostRequest = req.method === 'POST';
 var logger = req.app.get('stormpathLogger');
+ var loginHandler = config.postLoginHandler;

 function writeErrorResponse(err) {
 var error = {
@@ -50,7 +51,13 @@ module.exports = function (req, res) {
 return writeErrorResponse(err);
 }

- res.json(authResult.accessTokenResponse);
+ if (loginHandler) {
+ loginHandler(req.user, req, res, function () {
+ res.json(authResult.accessTokenResponse);
+ });
+ } else {
+ res.json(authResult.accessTokenResponse);
+ }
 });
 break;

From df94344122bf227849b96f8e9be804023e7bfacd Mon Sep 17 00:00:00 2001
From: Peter Viszt
Date: Wed, 24 Aug 2016 22:52:08 +0200
Subject: [PATCH 2/4] postLoginHandler only for password grant
---
 lib/controllers/get-token.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/controllers/get-token.js b/lib/controllers/get-token.js
index 33479752..fb96dabd 100644
--- a/lib/controllers/get-token.js
+++ b/lib/controllers/get-token.js
@@ -51,7 +51,7 @@ module.exports = function (req, res) {
 return writeErrorResponse(err);
 }

- if (loginHandler) {
+ if (loginHandler && grantType == 'password') {
 loginHandler(req.user, req, res, function () {
 res.json(authResult.accessTokenResponse);
 });
From d418398af40e51feee545672fc3cad06311bc870 Mon Sep 17 00:00:00 2001
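Review bot: In PATCH 1/4, second hunk (`@@ -50,7 +51,13 @@`), the continuation passed to `postLoginHandler` takes no parameters, so a handler that reports a failure through it (for example to veto the login) still causes `res.json(authResult.accessTokenResponse)` to send the access token. Whether handlers are expected to pass an error is not visible here, but failing closed costs little: `function (handlerErr) { if (handlerErr) { return writeErrorResponse(handlerErr); } res.json(authResult.accessTokenResponse); }`. The same continuation is kept unchanged in PATCH 2/4, PATCH 3/4 and PATCH 4/4. A short comment stating the handler contract would also help, since the handler receives `res` and could end the response itself before the continuation writes to it again. The enclosing `authenticate` callback starts outside the hunk.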
From: Peter Viszt
Date: Thu, 25 Aug 2016 13:01:04 +0200
Subject: [PATCH 3/4] postLoginHandler with existing switch structure
---
 lib/controllers/get-token.js | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/lib/controllers/get-token.js b/lib/controllers/get-token.js
index fb96dabd..b5d54c1f 100644
--- a/lib/controllers/get-token.js
+++ b/lib/controllers/get-token.js
@@ -43,7 +43,6 @@ module.exports = function (req, res) {
 });
 break;
 case 'password':
- case 'refresh_token':
 var authenticator = new stormpath.OAuthAuthenticator(application);

 authenticator.authenticate(req, function (err, authResult) {
@@ -51,7 +50,7 @@ module.exports = function (req, res) {
 return writeErrorResponse(err);
 }

- if (loginHandler && grantType == 'password') {
+ if (loginHandler) {
 loginHandler(req.user, req, res, function () {
 res.json(authResult.accessTokenResponse);
 });
@@ -61,6 +60,18 @@ module.exports = function (req, res) {
 });
 break;

+ case 'refresh_token':
+ var authenticator = new stormpath.OAuthAuthenticator(application);
+
+ authenticator.authenticate(req, function (err, authResult) {
+ if (err) {
+ return writeErrorResponse(err);
+ }
+
+ res.json(authResult.accessTokenResponse);
+ });
+ break;
+
 case 'client_credentials':
 application.authenticateApiRequest({
 request: req,
From ceda2be10ec73c4bbc3462ef0c445250fa9ca4ca Mon Sep 17 00:00:00 2001
From: Peter Viszt
Date: Thu, 25 Aug 2016 21:23:59 +0200
Subject: [PATCH 4/4] Return the current user to the loginHandler
---
 lib/controllers/get-token.js | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/lib/controllers/get-token.js b/lib/controllers/get-token.js
index b5d54c1f..7480bdef 100644
--- a/lib/controllers/get-token.js
+++ b/lib/controllers/get-token.js
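Review bot: In PATCH 3/4, third hunk (`@@ -61,6 +60,18 @@`), the added `case 'refresh_token':` duplicates the authenticator setup and error handling of `case 'password':`, including a second `var authenticator` in the same function scope, and nothing in the code records why this branch does not call `postLoginHandler`. A comment at the top of the case would keep a later refactor from merging the branches again, for example `// refresh_token: no password login takes place, so postLoginHandler is intentionally skipped`. Consider moving the shared `new stormpath.OAuthAuthenticator(application)` call and its `if (err)` handling into one local helper so the two grant paths cannot drift apart. The `switch` statement begins and ends outside the hunk.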
@@ -15,6 +15,7 @@ var stormpath = require('stormpath');
 */
 module.exports = function (req, res) {
 var application = req.app.get('stormpathApplication');
+ var client = req.app.get('stormpathClient');
 var config = req.app.get('stormpathConfig');
 var grantType = req.body.grant_type;
 var isPostRequest = req.method === 'POST';
@@ -51,8 +52,14 @@ module.exports = function (req, res) {
 }

 if (loginHandler) {
- loginHandler(req.user, req, res, function () {
- res.json(authResult.accessTokenResponse);
+ client.getAccount(authResult.account.href, function (err, account) {
+ if (err) {
+ return writeErrorResponse(err);
+ }
+
+ loginHandler(account, req, res, function () {
+ res.json(authResult.accessTokenResponse);
+ });
 });
 } else {
 res.json(authResult.accessTokenResponse);
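Review bot: In PATCH 4/4, second hunk (`@@ -51,8 +52,14 @@`), a failed `client.getAccount` lookup is handed to `writeErrorResponse(err)` exactly like a failed authentication, and the inner `err` shadows the `err` of the enclosing `authenticate` callback. The two failure causes are therefore indistinguishable in the code, and as far as the hunk shows nothing is logged. Rename the parameter, as in `client.getAccount(authResult.account.href, function (accountErr, account) {`, and report the lookup failure through the `logger` already in scope before responding. `authResult.account` is also dereferenced without a guard; if the authenticator can return a result without it (not visible here), the callback throws instead of producing an error response. `writeErrorResponse` and the enclosing `authenticate` callback are defined outside the hunk.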