ConsumerDataStandardsAustralia / infosec

Work space for the consumer data right information security profile development in Australia
MIT License

Refresh Tokens not listed in accepted grant_type's #53

Open nghamilton opened 5 years ago

nghamilton commented 5 years ago

Given that refresh tokens must be supported, and the /token endpoint must accept them, should refresh_token also be included in the permitted options for the grant_type claim, as specified in Client Authentication? https://consumerdatastandardsaustralia.github.io/infosec/#client-authentication currently says it must be "authorisation_code or client_credentials".

lukepopp commented 5 years ago

Yep, good pickup thanks. Will add.

JamesMBligh commented 5 years ago

@nghamilton has this been addressed or is it still outstanding?