-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add offline scope for refresh tokens #97
Comments
What's a refresh token with an offline scope? |
Right now RT are issued always. This is a security weakness. In the future the RT should only be issued when the scope 'offline' is set. This is how most OAuth2 providers do it, like Google and MS Gesendet mit meinem HTC ----- Reply message ----- What's a refresh token with an offline scope? You are receiving this because you authored the thread. |
No description provided.
The text was updated successfully, but these errors were encountered: