[Openid-specs-ab] [openid/connect] Messages 2.2.3 id_token MUST NOT be returned if the grant_type is not authorization_code (issue #787)
John Bradley
issues-reply at bitbucket.org
Thu Feb 28 01:51:54 UTC 2013
--- you can reply above this line ---
New issue 787: Messages 2.2.3 id_token MUST NOT be returned if the grant_type is not authorization_code
https://bitbucket.org/openid/connect/issue/787/messages-223-id_token-must-not-be-returned
John Bradley:
We should relax this to allow id_tokens to be returned for refresh or assertions.
The id_token for refresh tokens is the one that was for the session that generated the refresh token.
--
This is an issue notification from bitbucket.org. You are receiving
this either because you are the owner of the issue, or you are
following the issue.
More information about the Openid-specs-ab
mailing list