[mitreid-connect] missing refresh token
Marcin Krystek
mkrystek at man.poznan.pl
Thu Jan 22 10:22:56 EST 2015
Hello,
I'm using 1.2.0-SNAPSHOT of MITREID server, downloaded and build today.
I'm trying to authorize user using authorization code flow. It works
fine, the correct access token and id token are issued.
However I'm not able to obtain a refresh token.
I'm using the following client configuration:
In the administration panel, Manage Clients -> Edit
Access tab:
redelegate - checked
Tokens tab:
Refresh tokens are issued for this client - checked
Refresh tokens for this client are re-used - checked
Refresh tokens do not time out - checked
I'm making REST call to obtain an access token:
/openid-connect-server-webapp/token
using following parameters:
grant_type=authorization_code
code=[codeValue]
client_secret=[secret]
client_id=[client_id]
redirect_uri=[redirect_uri]
The server returns JSON object:
{
"expires_in" : 3599,
"id_token" : "valid_id_token",
"access_token" : "valid_access_token",
"token_type" : "Bearer",
"scope" : "phone email address openid profile"
}
The "refresh_token" parameter is missing.
I know that refresh_token is an optional parameter, however based on the
presented configuration server should issue a refresh_token. Is that
right or I'm missing something?
best
Marcin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20150122/a00ad5e4/attachment.htm
More information about the mitreid-connect
mailing list