You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm not sure why, but the refresh_token is not being returned from the saveToken call for the client_credentials grant. I've tried to poke through the RFC to see if there's anything that says a refresh token should not be returned, and I don't see anything, but definitely in the code of client-credentials-grant-type.js#saveToken, you are not returning a refresh token, but authorization-code-grant-type.js#saveToken does.
To Reproduce
Steps to reproduce the behavior:
oauthServer.token call with client_credentials grant and notice there is no refresh token being generated, as described above.
Repeat process for authorization_code grant type and it is generated. I feel like this may be a miss.
Expected behavior
A refresh token should be returned for all token requests, regardless of the grant type used.
The text was updated successfully, but these errors were encountered:
Describe the bug
I'm not sure why, but the refresh_token is not being returned from the saveToken call for the client_credentials grant. I've tried to poke through the RFC to see if there's anything that says a refresh token should not be returned, and I don't see anything, but definitely in the code of client-credentials-grant-type.js#saveToken, you are not returning a refresh token, but authorization-code-grant-type.js#saveToken does.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A refresh token should be returned for all token requests, regardless of the grant type used.
The text was updated successfully, but these errors were encountered: