Oidc refresh #752
Can you check & update the documentation generated for oidc, please?
tox -e docs
Hello! I am making the same functionality in my own project and have faced a little problem. An attribute request.client_id is used in add_id_token, but request.client_id is not set if using client_secret_basic authentication rather than client_secret_post. I suggest making a modification to add_id_token in this PR: - id_token['aud'] = request.client_id
+ id_token['aud'] = request.client_id or request.client.client_id |
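Review bot: the fallback on the + line reads request.client.client_id without checking that request.client is set, so a request where request.client_id is empty and request.client is also missing would raise AttributeError while the ID token is being built. Since aud determines which client will accept the token, consider resolving the client id in one guarded step that fails explicitly when neither value is available, and add a test that exercises the client_secret_basic case described in the comment.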
You are correct, this seems like a bug. But I don't think this is the right PR to fix this, unless @JonathanHuot thinks otherwise. |
Any news on this? |
It's not clear to me what changes are required, can you please elaborate? |
Depending on the AS implementation, the id_token can be refreshed:
I see that 1) and 2) can be implemented with the boolean, but not 3). I was wondering if it is possible to implement support for 3) as well. |
Yea, that makes sense. Moving it to the validator provides more flexibility. I removed the class variable |
The RefreshTokenGrant modifiers now take the same arguments as the AuthorizationCodeGrant modifiers
I think it should be fine now. |
Any changes needed? |
LGTM Thanks for the feature! |
Fixes #751
This PR adds support for refreshing ID Tokens.
This PR breaks backwards compatibility with RefreshTokenGrant modifiers. If this is a problem, I could change the RefreshTokenGrant modifiers only for OIDC in order to remain backwards compatible.