We should be able to call this on the top level (?) module and not be concerned about what the original grant type was, as the alternative is having to know that and that adds complications (possibly avoidable). There is one concern in that the Implicit Grant does't support refresh tokens so there may need to be some refactoring in lib/Net/OAuth2/AuthorizationServer/ImplicitGrant.pm.
So, ultimately we need a ->verify_access_token that isn't coupled to any grant type and does nothing with refresh tokens (currently the refresh token verification is using verify_access_token).
We should be able to call this on the top level (?) module and not be concerned about what the original grant type was, as the alternative is having to know that and that adds complications (possibly avoidable). There is one concern in that the Implicit Grant does't support refresh tokens so there may need to be some refactoring in lib/Net/OAuth2/AuthorizationServer/ImplicitGrant.pm.
So, ultimately we need a ->verify_access_token that isn't coupled to any grant type and does nothing with refresh tokens (currently the refresh token verification is using
verify_access_token
).