Messages - 2.2.3 id_token MUST NOT be returned for grant_type=refresh

Issue #540 resolved
Nat Sakimura created an issue

Current text goes:

{{{
In addition to the OAuth 2.0 response parameters, the following parameters MUST be included in the response if the Authorization Request scope parameter contains openid:
}}}

It is not true. If the grant_type=refresh, then it MUST NOT return id_token, as the user may not be present. It actually should return id_token only when grant_type=authorization_code.
