CIBA treatment of refresh tokens is somewhat inconsistent or unclear
Issue #76
resolved
The treatment of refresh tokens seems a bit inconsistent with some text sounding like it might imply that RT will/must always be returned. Other text is more clear that it's optional, which is is the case with other OAuth flows/grants, and how it should probably also be throughout CIBA.
Comments (2)
-
reporter -
- changed status to resolved
merged PR
- Log in to comment
Pull request attempting to address this: https://bitbucket.org/openid/mobile/pull-requests/10/be-clear-that-refresh-tokens-are-optional/diff