leastprivilege
commented
8 years ago That's a known bug.
It is tracked here https://github.com/IdentityServer/IdentityServer3/issues/3260
Closed ghost closed 8 years ago
leastprivilege
commented
8 years ago That's a known bug.
It is tracked here https://github.com/IdentityServer/IdentityServer3/issues/3260
Access token is written in the database with auth_time as string. ... {"Type":"auth_time","Value":"1478011385"},{"Type":"idp","Value":"idsrv"},{"Type":"amr","Value":"password"}
This is making this values as a string again when the token is refreshed and UpdateAccessTokenOnRefresh is set to false.
A bug related to this has been around in JWT Microsoft library but this one was fixed, It seems that serialization used here for access token does not respect type that comes attached to claim.