From 7f86e382729fdc89f69bd36f2887b4268bb8dd70 Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Wed, 2 Oct 2019 19:08:14 +0000
Subject: [PATCH]

---
 Controllers/AuthController.cs | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/Controllers/AuthController.cs b/Controllers/AuthController.cs
index 01bb207..1ab766f 100644
--- a/Controllers/AuthController.cs
+++ b/Controllers/AuthController.cs
@@ -75,8 +75,6 @@ namespace qbridge.Controllers
         }
 
 
-
-
         [HttpGet("start/{state}")]
         public async Task<IActionResult> GetAsync([FromRoute]string state)
         {
@@ -99,7 +97,6 @@ namespace qbridge.Controllers
 
             }
 
-
             var AuthorizationEndpoint = DiscoveryDoc["authorization_endpoint"].Value<string>();
             if (string.IsNullOrWhiteSpace(AuthorizationEndpoint))
             {
@@ -248,7 +245,10 @@ namespace qbridge.Controllers
             }
             else
             {
-                return Ok(token);
+                //User has fetched the token
+                //it's a one time thing so remove it and return it
+                TOKEN_STORE.Remove(state);
+                return Ok(token.Value);
             }
 
         }
@@ -267,6 +267,7 @@ namespace qbridge.Controllers
         public static void SweepTokenStore()
         {
             //ditch tokens older than 1 hour
+            //note that there should never be an old token because once QBOI fetches it it's removed automatically, this is just a just in case thing for now
             //QBOI2 will refresh the token so here we store only the original access token
             DateTime dtExpireAfter = DateTime.Now.AddHours(-1);
             //if the token birthday is less than an hour then it's kept in the token store