Refresh id tokens #751

nsklikas · 2021-03-08T11:12:20Z

Describe the feature
It is not possible with the current implementation to issue ID tokens on refresh.

Additional context

The refresh token modifiers (https://github.com/oauthlib/oauthlib/blob/master/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py#L66) take only 1 argument while the authorization code modifiers take 3 (https://github.com/oauthlib/oauthlib/blob/master/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py#L308).

The modifier function add_id_token used to add id tokens in the OIDC token response is not compatible with the refresh token's modifier interface.

I see no reason to have that behavior. If there are no objections I can go ahead and create a PR that will harmonize the modifier arguments and add ID tokens to the refresh token responses for OIDC out of the box.

The text was updated successfully, but these errors were encountered:

thedrow · 2021-03-10T11:09:31Z

Please do.

thedrow added Bug OAuth2-Provider This impact the provider part of OAuth2 labels Mar 10, 2021

nsklikas mentioned this issue Mar 22, 2021

Oidc refresh #752

Merged

JonathanHuot closed this as completed in #752 Aug 12, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Refresh id tokens #751

Refresh id tokens #751

nsklikas commented Mar 8, 2021

thedrow commented Mar 10, 2021

Refresh id tokens #751

Refresh id tokens #751

Comments

nsklikas commented Mar 8, 2021

thedrow commented Mar 10, 2021