Closed basz closed 8 years ago
I'm not really sure that using different grant types is such a common use case. I don't feel the extra complexity in having per grant config is worthwhile.
Envoyé de mon iPhone
Le 9 mai 2016 à 13:12, Bas Kamer notifications@github.com a écrit :
Configuration requires a little polishing as not all parts are configurable. see discussed at #53
Besides identifying what options are present but not configurable, we additionally might think about setting options per grant type and there combinations? I mean someone might want refresh_token rotated for the PasswordGrant but not for the ClientCredentialsGrant. Perhaps someone wants no refresh tokens at all for on PasswordGrants but for ClientCredentialsGrant he does. Not registering RefreshTokenGrant is not an option then. I do want to express that I probably won't be using such fine-grained control so for me it would be ok to just leave it. Would avoiding adding additional complexity.
rotateRefreshTokens can not be configured currently revokeRotatedRefreshTokens, should be added
53 configure responseCode to be other then 400 for invalid_grant responses. (and others?)
— You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub
can be closed
Configuration requires a little polishing as not all parts are configurable. see discussed at #53
Besides identifying what options are present but not configurable, we additionally might think about setting options per grant type and there combinations? I mean someone might want refresh_token rotated for the PasswordGrant but not for the ClientCredentialsGrant. Perhaps someone wants no refresh tokens at all for on PasswordGrants but for ClientCredentialsGrant he does. Not registering RefreshTokenGrant is not an option then. I do want to express that I probably won't be using such fine-grained control so for me it would be ok to just leave it. Would avoiding adding additional complexity.
invalid_grant
responses. (and others?)