IdentityPython / oidc-op

An implementation of an OIDC Provider (OP)
Apache License 2.0

Fix refresh tokens #116

Closed nsklikas closed 3 years ago

nsklikas commented 3 years ago

Fixes various issues with refresh:

peppelinux commented 3 years ago

@nsklikas for this chore I'd wait for Roland before doing my revision

nsklikas commented 3 years ago

I also pushed some minor fixes for refresh token:

peppelinux commented 3 years ago
  • The scopes returned were not correct (we returned the scopes of the original authorization request, not of this request).

Probably we had an issue on this problem, thank you, probably it wasn't fixed completely

  • We didn't always return an error when invalid scopes were requested

On invalid scopes we had an option in the old oidcendpoint to handle this, we should check.
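
The two scope behaviours discussed in this thread, sketched against RFC 6749 section 6. This is an added example, not part of the thread and not oidc-op's code; `scopes_for_refresh`, `parse_scope` and `InvalidScope` are hypothetical names, and rejecting an empty `scope` parameter is an assumption of this sketch.

```python
"""Scope handling for a refresh_token grant (RFC 6749 section 6).

Added illustration; the names below are hypothetical, not oidc-op's API.
"""


class InvalidScope(Exception):
    """Maps to the OAuth2 error response {"error": "invalid_scope"}."""

    def to_response(self):
        return {"error": "invalid_scope", "error_description": str(self)}


def parse_scope(value):
    """Split a space-delimited scope string into an ordered, de-duplicated list."""
    seen = []
    for item in (value or "").split():
        if item not in seen:
            seen.append(item)
    return seen


def scopes_for_refresh(granted, requested=None):
    """Return the scopes for the refreshed token and for the token response.

    granted   -- scope string bound to the grant at authorization time
    requested -- scope parameter of this refresh request, None if omitted
    """
    granted_list = parse_scope(granted)
    if requested is None:
        # An omitted scope parameter means "same as originally granted".
        return granted_list
    requested_list = parse_scope(requested)
    if not requested_list:
        # Assumption of this sketch: a present but empty parameter is malformed.
        raise InvalidScope("empty scope parameter")
    excess = [s for s in requested_list if s not in granted_list]
    if excess:
        # Reject instead of silently dropping scopes that were never granted.
        raise InvalidScope("not granted: " + " ".join(excess))
    # Report the scopes of this request, not of the original authorization request.
    return requested_list
```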