Closed davidballester closed 5 years ago
Hi @davidballester
1) I don't believe password grant type should be returning an ID Token at all, but that's beside the point. ROPC is not an OIDC grant 2) There's no point in validating the signature since the token endpoint you're calling is an https one so you might as well just decode it.
Hello, and thanks for this awesome library!
We need to use Password Grant Flow and, if I understood correctly the docs, we can do so with:
However, if we do so, we won't be taking advantage of the
id_token
validation feature, right? I checked the code and saw that bothdecryptIdToken
andvalidateIdToken
are private, so how can I achieve this?Thanks!