Description
Describe the bug?
Version 2.0.2
When making a refreshToken request, the deviceSecret from the initial login is getting overwritten.
Here is where the replaceToken method is fired
https://github.com/okta/okta-mobile-kotlin/blob/master/auth-foundation/src/main/java/com/okta/authfoundation/client/OAuth2Client.kt#L286-L288
Then it's put in storage here
https://github.com/okta/okta-mobile-kotlin/blob/master/auth-foundation/src/main/java/com/okta/authfoundation/credential/CredentialDataSource.kt#L84
In this code it merges the token attributes - refreshToken and deviceSecret. But this is never stored.
https://github.com/okta/okta-mobile-kotlin/blob/master/auth-foundation/src/main/java/com/okta/authfoundation/credential/Credential.kt#L407-L431
What is expected to happen?
deviceSecret should not be lost from storage on a refreshToken request
What is the actual behavior?
We are losing the deviceSecret attribute from the token on a refreshToken request
Reproduction Steps?
Login with device_sso as one of the scopes in the Sample app
Inspect that the token has deviceSecret
Tap refresh token
Close app
Open app
Inspect stored token and see deviceSecret is gone
Additional Information?
No response
SDK Version and Artifact(s) used.
2.0.2
Build Information
No response
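
The behaviour reported above can be modelled in a few lines. This is an added example, not code from the issue or from okta-mobile-kotlin: it contrasts persisting the raw refresh response with merging it into the stored token before persisting. `Token`, `TokenStore`, `mergedWith`, `refreshOverwriting` and `refreshMerging` are hypothetical stand-ins, the token values are constructed, and the example assumes the refresh response carries no deviceSecret.

```kotlin
// Hypothetical stand-ins for illustration; not the okta-mobile-kotlin API.
data class Token(
    val accessToken: String,
    val refreshToken: String? = null,
    val deviceSecret: String? = null,
)

// Carry forward the fields that the refresh response omitted.
fun Token.mergedWith(previous: Token?): Token = copy(
    refreshToken = refreshToken ?: previous?.refreshToken,
    deviceSecret = deviceSecret ?: previous?.deviceSecret,
)

class TokenStore {
    private var persisted: Token? = null // stands in for on-disk storage
    fun load(): Token? = persisted
    fun save(token: Token) { persisted = token }
}

// Shape of the reported bug: the raw response replaces the stored token.
fun refreshOverwriting(store: TokenStore, response: Token) = store.save(response)

// Merge with the stored token first, then persist the merged result.
fun refreshMerging(store: TokenStore, response: Token) =
    store.save(response.mergedWith(store.load()))

fun main() {
    // Constructed sample values.
    val login = Token("at-1", refreshToken = "rt-1", deviceSecret = "ds-1")
    val refreshResponse = Token("at-2", refreshToken = "rt-2") // assumed: no deviceSecret

    val overwritten = TokenStore().apply { save(login) }
    refreshOverwriting(overwritten, refreshResponse)
    check(overwritten.load()?.deviceSecret == null) // lost once reloaded from storage

    val merged = TokenStore().apply { save(login) }
    refreshMerging(merged, refreshResponse)
    check(merged.load()?.deviceSecret == "ds-1")  // preserved across the refresh
    check(merged.load()?.refreshToken == "rt-2")  // rotated refresh token still wins
    check(merged.load()?.accessToken == "at-2")
    println("overwrite=${overwritten.load()} merge=${merged.load()}")
}
```

The `check` calls work as a regression test for the reproduction steps: reload from storage after a refresh and assert that the device secret is still present.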