Standard 3.2.1. Refresh Token Response - return of id_token prohibited, conflicts with Messages 2.2.3
Issue #870
resolved
Hi guys,
Just noticed a conflict between the Standard 3.2.1. Refresh Token Response and 2.2.3. Access Token Response specs - the former prohibits returning an ID token on token refresh while the latter allows it.
If I remember correctly the issue of returning an ID token on token refresh was settled in https://bitbucket.org/openid/connect/issue/787/messages-223-id_token-must-not-be-returned
Comments (6)
-
assigned issue to
-
assigned issue to
-
We need to fix both the old document and the new refactor version.
-
reporter Thanks. It would help to explain the connection to AZP as I don't understand that.
-
- changed milestone to Final
-
assigned issue to
We need to consistently allow this, as is done in Standard.
-
- changed status to resolved
Fixed
#870 - Refresh Token Response - return of id_token prohibited, conflicts with Messages 2.2.3 → <<cset 8aad55e48cee>>
When we introduced azp, we allowed ID Token to be allowed to be returned for refresh token.