Don't issue refresh token if not configured

IdentityPython / oidc-op

An implementation of an OIDC Provider (OP)

Apache License 2.0

65 stars 27 forks source link

Don't issue refresh token if not configured #128

Closed nsklikas closed 3 years ago

nsklikas commented 3 years ago

This should have been in my last PR, we should respect the configured grant_types and not issue a refresh token if the refresh_token grant type is not supported

peppelinux commented 3 years ago

It seems working good, can you fix the conflicting files?

@rohe that's for the next major realease with all the contributions in, or do we think to merge only this pr for an intermediate release?

rohe commented 3 years ago

I have a couple of changes based on the logout testing. Stalled because I found an error in the test suite and they are slow to fixing. Anyway, they could hold for 2.3.0 (I think 2.3.0 is more appropriate then 2.2.1)