Do not reuse tokens for "Institute Access" at other institute access servers

[ghost]

It seems the apps also try to use tokens obtained from a "institute access" server at other servers, just like for "secure internet". This is very wrong, not sure how it got to be this way?!

https://github.com/eduvpn/documentation/blob/v2/INSTANCE_DISCOVERY.md#authorization

[jeroenleenarts]

This was changes in the documentation end of august. The current logic is based on a previous version of the discovery documentation.

Also the "weekly refresh" is NOT in the codebase yet.

[ghost]

This was changes in the documentation end of august. The current logic is based on a previous version of the discovery documentation.

Not it wasn't. It was always there, just explained differently. It has to do with the "authorization_type" that is set to "local" in the discovery file. Look through the old revisions if you want.