• Bobby Rullo's avatar
    refresh tokens: grant claims based on scopes · 75473b4c
    Bobby Rullo authored
    Before,  this logic was only in the OIDCServer.CodeToken() method; now it has been
    pulled out so that other paths, like OIDCServer.RefreshToken() can use
    it.
    
    The net affect, is that now refresh tokens can be used to get
    cross-client authenticated ID Tokens.
    75473b4c
repo.go 1.81 KB