Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
I created an application and generated the client credentials and also enabling the refresh token using the checkbox from the API Manager's devportal. I also set the refresh token expiry time to 14 days.
Thereafter, when I invoked the token endpoint using the password grant type, the refresh token gets renewed on each token request. However, I noticed that if I set the token type to default instead of JWT from the IS console, there's no issue. It seems as if the refresh token has got bound with the the JWT token and gets renewed with every new JWT token.
Set the refresh token expiry to 14 days in the deployment.toml of the wso2is-5.11.0.
[oauth.token_validation]
refresh_token_validity= "14d"
Log into the devportal of the wso2am-4.1.0 and create an application and generate the client credentials.
Tick the checkbox near refresh token and password to enable the refresh token generation.
Invoke the token endpoint multiple times using the password grant type, passing the necessary parameters.
Expected behavior:
The refresh token should remain the same in each token response until 14 days for the same client credentials, username and password.
Environment information (Please complete the following information; remove any unnecessary fields) :
Describe the issue: I have integrated wso2is-5.11.0 as the key manager for wso2am-4.1.0 according to the official documentation.
https://apim.docs.wso2.com/en/4.1.0/install-and-setup/setup/distributed-deployment/configuring-wso2-identity-server-as-a-key-manager/
I created an application and generated the client credentials and also enabling the refresh token using the checkbox from the API Manager's devportal. I also set the refresh token expiry time to 14 days. Thereafter, when I invoked the token endpoint using the password grant type, the refresh token gets renewed on each token request. However, I noticed that if I set the token type to default instead of JWT from the IS console, there's no issue. It seems as if the refresh token has got bound with the the JWT token and gets renewed with every new JWT token.
How to reproduce:
Expected behavior: The refresh token should remain the same in each token response until 14 days for the same client credentials, username and password.
Environment information (Please complete the following information; remove any unnecessary fields) :