[Openid-specs-mobile-profile] Issue #76: CIBA treatment of refresh tokens is somewhat inconsistent or unclear (openid/mobile)

Brian Campbell issues-reply at bitbucket.org
Thu Jul 12 19:08:25 UTC 2018


New issue 76: CIBA treatment of refresh tokens is somewhat inconsistent or unclear
https://bitbucket.org/openid/mobile/issues/76/ciba-treatment-of-refresh-tokens-is

Brian Campbell:

The treatment of refresh tokens seems a bit inconsistent with some text sounding like it might imply that RT will/must always be returned. Other text is more clear that it's optional, which is is the case with other OAuth flows/grants, and how it should probably also be throughout CIBA.




More information about the Openid-specs-mobile-profile mailing list