[Openid-specs-ab] Issue #870: Standard 3.2.1. Refresh Token Response - return of id_token prohibited, conflicts with Messages 2.2.3 (openid/connect)
Vladimir Dzhuvinov
issues-reply at bitbucket.org
Mon Sep 2 05:34:41 UTC 2013
New issue 870: Standard 3.2.1. Refresh Token Response - return of id_token prohibited, conflicts with Messages 2.2.3
https://bitbucket.org/openid/connect/issue/870/standard-321-refresh-token-response-return
Vladimir Dzhuvinov:
Hi guys,
Just noticed a conflict between the **Standard 3.2.1. Refresh Token Response** and **2.2.3. Access Token Response** specs - the former prohibits returning an ID token on token refresh while the latter allows it.
If I remember correctly the issue of returning an ID token on token refresh was settled in https://bitbucket.org/openid/connect/issue/787/messages-223-id_token-must-not-be-returned
More information about the Openid-specs-ab
mailing list