client_credentials workflow shouldn't create a refresh token

indigo-iam / iam

INDIGO Identity and Access Management Service

https://indigo-iam.github.io/

Other

102 stars 43 forks source link

client_credentials workflow shouldn't create a refresh token #847

Open balciiberk opened 5 days ago

balciiberk commented 5 days ago

When a token request with offline_access scope is sent with client_credentials workflow, it doesn't return a refresh token but it creates it and stores it in the DB. It shouldn't create the refresh token at all.

maarten-litmaath commented 5 days ago

This issue should be labeled high priority, thanks!