From f5046a5a1dbc6eeaf37e93806d5dd15cc3e3a32a Mon Sep 17 00:00:00 2001
From: Jake Dallimore <jake@moodle.com>
Date: Tue, 22 Sep 2020 11:18:17 +0800
Subject: [PATCH] MDL-59510 core: report oauth2_refresh_token table in core
 provider

---
 lang/en/moodle.php               |  7 +++++++
 lib/classes/privacy/provider.php | 11 +++++++++++
 2 files changed, 18 insertions(+)

diff --git a/lang/en/moodle.php b/lang/en/moodle.php
index bf203b59069..41b2cee1ec0 100644
--- a/lang/en/moodle.php
+++ b/lang/en/moodle.php
@@ -1630,6 +1630,13 @@ $string['privacy:metadata:log:module'] = 'module';
 $string['privacy:metadata:log:time'] = 'The time when the action took place';
 $string['privacy:metadata:log:url'] = 'The URL related to the event';
 $string['privacy:metadata:log:userid'] = 'The ID of the user who performed the action';
+$string['privacy:metadata:oauth2_refresh_token'] = 'Refresh token used in OAuth 2.0 communication';
+$string['privacy:metadata:oauth2_refresh_token:issuerid'] = 'The ID of the issuer to which the token corresponds';
+$string['privacy:metadata:oauth2_refresh_token:scopehash'] = 'The ID of the user to whom the token corresponds';
+$string['privacy:metadata:oauth2_refresh_token:token'] = 'The refresh token for the respective scopes and user';
+$string['privacy:metadata:oauth2_refresh_token:timecreated'] = 'The time when the token was created';
+$string['privacy:metadata:oauth2_refresh_token:timemodified'] = 'The time when the token was last updated';
+$string['privacy:metadata:oauth2_refresh_token:userid'] = 'The ID of the user to whom the token corresponds';
 $string['privacy:metadata:task_adhoc'] = 'The status of ad hoc tasks.';
 $string['privacy:metadata:task_adhoc:component'] = 'The component owning the task.';
 $string['privacy:metadata:task_adhoc:nextruntime'] = 'The earliest time to run this task.';
diff --git a/lib/classes/privacy/provider.php b/lib/classes/privacy/provider.php
index bc9b8f8cf78..e49598b8e55 100644
--- a/lib/classes/privacy/provider.php
+++ b/lib/classes/privacy/provider.php
@@ -114,6 +114,17 @@ class provider implements
             'info' => 'privacy:metadata:log:info'
         ], 'privacy:metadata:log');
 
+        // The oauth2_refresh_token stores refresh tokens, allowing ongoing access to select oauth2 services.
+        // Such tokens are not considered to be user data.
+        $collection->add_database_table('oauth2_refresh_token', [
+            'timecreated' => 'privacy:metadata:oauth2_refresh_token:timecreated',
+            'timemodified' => 'privacy:metadata:oauth2_refresh_token:timemodified',
+            'userid' => 'privacy:metadata:oauth2_refresh_token:userid',
+            'issuerid' => 'privacy:metadata:oauth2_refresh_token:issuerid',
+            'token' => 'privacy:metadata:oauth2_refresh_token:token',
+            'scopehash' => 'privacy:metadata:oauth2_refresh_token:scopehash'
+        ], 'privacy:metadata:oauth2_refresh_token');
+
         return $collection;
     }