openid / connect / issues / #870 - Standard 3.2.1. Refresh Token Response - return of id_token prohibited, conflicts with Messages 2.2.3 — Bitbucket

Issue #870 resolved

Vladimir Dzhuvinov created an issue 2013-09-02

Hi guys,

Just noticed a conflict between the Standard 3.2.1. Refresh Token Response and 2.2.3. Access Token Response specs - the former prohibits returning an ID token on token refresh while the latter allows it.

If I remember correctly the issue of returning an ID token on token refresh was settled in https://bitbucket.org/openid/connect/issue/787/messages-223-id_token-must-not-be-returned

Comments (6)

Nat Sakimura
When we introduced azp, we allowed ID Token to be allowed to be returned for refresh token.
- 2013-09-12T14:42:34+00:00
Nat Sakimura
- assigned issue to
  
  Nat Sakimura
- 2013-09-12T14:42:55+00:00
Nat Sakimura
We need to fix both old document and new refractor version.
- 2013-09-12T14:43:50+00:00
Vladimir Dzhuvinov reporter
Thanks. It would help to explain the connection to AZP as I don't understand that.
- 2013-09-12T15:46:48+00:00
Michael Jones
- changed milestone to Final
- assigned issue to
  
  Michael Jones
We need to consistently allow this, as is done in Standard.
- 2013-09-23T23:56:08+00:00
Michael Jones
- changed status to resolved
Fixed ~~#870~~ - Refresh Token Response - return of id_token prohibited, conflicts with Messages 2.2.3

→ <<cset 8aad55e48cee>>
- 2013-10-13T19:27:30+00:00
Log in to comment

Assignee: Michael Jones

Type: bug

Priority: major

Status: resolved

Component: Standard

Milestone: Final

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!