Closed DonMartin76 closed 3 years ago
Does the API call to refresh token is registered in kong? In other words if an api is protected using Oauth2, clients can call to refresh token through kong DNS and not Wicked DNS
How the token refreshing works has not changed. Clients still need to call wicked's Authorization Server endpoints, just like before. This outside behaviour is exactly the same - the issue was only that Kong didn't support querying the access tokens for refresh token anymore.
Use wicked's own access token management to enable querying for refresh tokens and authenticated user ID. Without this, it's not possible to port wicked to using Kong 1.5.1 (or any Kong 1.x version actually). This also fixes the issue with the profile not being correct after a token refresh.