manfredsteyer / angular-oauth2-oidc

Support for OAuth 2 and OpenId Connect (OIDC) in Angular.
MIT License
1.89k stars 688 forks

Silent refresh Authorization header #1418

Open teheidoma opened 3 months ago

teheidoma commented 3 months ago

I have my authorization server (Spring Boot auth server) refusing to return an access token for silent refresh. However, the initial request for the code flow works just fine. After doing some investigating, I found out that, for some reason, the silent refresh request to /oauth2/token sends an Authorization header with the request, but the initial one doesn't. Then my auth server tries to decode the JWT token and extract client auth from it, and fails.

So my question is: is that expected behavior? I can't see in the OAuth2 specification any case where the user's access token is used for obtaining a new token. Or is there a problem on my configuration side and this is not supposed to happen?