Closed jjg-123 closed 2 months ago
The OAuth 2 spec (https://www.rfc-editor.org/rfc/rfc6749#page-47) asserts in section 6 that the refresh token is required. The code should check for this explicitly and fail outright.
The OAuth 2 spec (https://www.rfc-editor.org/rfc/rfc6749#page-47) asserts in section 6 that the refresh token is required. The code should check for this explicitly and fail outright.