Closed nsklikas closed 3 years ago
@nsklikas for this chore I'd wait Roland before doing my revision
I also pushed some minor fixes for refresh token:
- The scopes returned were not correct (we returned the scopes of the original authorization request, not of this request).
Probably we had an issue on this problem, thank you, probably It wasn't fixed completely
- We didn't always return an error when invalid scopes were requested
On invalid scopes we had an option in the old oidcendpoint to handle this, we should check
Fixes various issues with refresh: