-
-
Notifications
You must be signed in to change notification settings - Fork 932
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refresh_token should not be included in Client Credentials Grant #174
Comments
👍 Good spot |
+1 |
Getting the same failure here. I've configured my app to use all 4 grant types. However in cases there I use client credentials, and don't want a refresh token, the below check doesn't work (since this.config.grants does contain refresh token)
It would make sense to check both this.config.grants AND the current method. |
A refresh_token is being returned when using the Client Credentials Grant.
It should probably be removed from this grant type to better adhere to http://tools.ietf.org/html/rfc6749#section-4.4.3
The text was updated successfully, but these errors were encountered: