Controllers/AuthController.cs

@@ -75,8 +75,6 @@ namespace qbridge.Controllers
         }
 
 
-
-
         [HttpGet("start/{state}")]
         public async Task<IActionResult> GetAsync([FromRoute]string state)
         {
@@ -99,7 +97,6 @@ namespace qbridge.Controllers
 
             }
 
-
             var AuthorizationEndpoint = DiscoveryDoc["authorization_endpoint"].Value<string>();
             if (string.IsNullOrWhiteSpace(AuthorizationEndpoint))
             {
@@ -248,7 +245,10 @@ namespace qbridge.Controllers
             }
             else
             {
-                return Ok(token);
+                //User has fetched the token
+                //it's a one time thing so remove it and return it
+                TOKEN_STORE.Remove(state);
+                return Ok(token.Value);
             }
 
         }
@@ -267,6 +267,7 @@ namespace qbridge.Controllers
         public static void SweepTokenStore()
         {
             //ditch tokens older than 1 hour
+            //note that there should never be an old token because once QBOI fetches it it's removed automatically, this is just a just in case thing for now
             //QBOI2 will refresh the token so here we store only the original access token
             DateTime dtExpireAfter = DateTime.Now.AddHours(-1);
             //if the token birthday is less than an hour then it's kept in the token store