2.2.2. Rotate Secret Operation Response: registration_access_token
Issue #737
resolved
Is the OP permitted or even expected to issue a new registration_access_token on a rotate_secret operation?
If true, shouldn't we be more explicit on that?
Comments (4)
reporter: Hi Brian,
I was actually wondering, if the "rotate_secret" op is about updating the client_secret, why would the call then also result in a new registration_access_token being issued?
Vladimir
Account Deleted: The intent is that you would get a new registration_access_token from the rotation, and it's required to be returned whether or not its value actually changes.
- changed status to resolved
No change required
2.2.2. Rotate Secret Operation Response says that the registration_access_token is REQUIRED to be returned. Which seems pretty explicit, no?
http://openid.net/specs/openid-connect-registration-1_0-14.html#RotateSecretResponse