Closed yaronf closed 3 months ago
Sec. 6.1 (in particular the example), what is the meaning of a response with an access token, a refresh token as well as an auth_session, what is the client expected to do? How should it use the auth_session?
The auth_session should be cached by the client in case it is needed for the stepu-up authentication flow as described in the Appendix (section A.7).
Sec. 6.1 (in particular the example), what is the meaning of a response with an access token, a refresh token as well as an auth_session, what is the client expected to do? How should it use the auth_session?