Epic: Re-design refresh token handling #3519
If the original token request was made using e.g. MTLS - we could bind the refresh token to the confirmation method -
IOW - the client would need to use the same client certificate for refreshing the token as it used to request the initial token. Might be useful for public native clients where no client secret is used.
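
The binding proposed in the comment above, sketched as an added example (not part of the original comment and not the project's code). `RefreshTokenStore` and `cert_thumbprint` are hypothetical names, the in-memory dict stands in for a real token store, and the thumbprint format follows the `x5t#S256` confirmation method of RFC 8705.

```python
import base64
import hashlib
import hmac
import secrets


def cert_thumbprint(cert_der: bytes) -> str:
    """base64url(SHA-256(DER certificate)) without padding, as in x5t#S256."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class RefreshTokenStore:
    """Hypothetical store that binds a refresh token to the MTLS client certificate."""

    def __init__(self):
        self._tokens = {}  # handle -> {"client_id": str, "cnf": thumbprint or None}

    def issue(self, client_id, client_cert_der=None):
        # Record the confirmation thumbprint only if the original token
        # request was made over MTLS; otherwise the token stays unbound.
        cnf = cert_thumbprint(client_cert_der) if client_cert_der else None
        handle = secrets.token_urlsafe(32)
        self._tokens[handle] = {"client_id": client_id, "cnf": cnf}
        return handle

    def refresh(self, handle, client_id, client_cert_der=None):
        record = self._tokens.get(handle)
        if record is None or record["client_id"] != client_id:
            raise PermissionError("unknown refresh token")
        bound = record["cnf"]
        if bound is not None:
            # A bound token must be presented on a connection that uses
            # the same certificate as the initial request.
            if client_cert_der is None:
                raise PermissionError("client certificate required")
            presented = cert_thumbprint(client_cert_der)
            if not hmac.compare_digest(bound, presented):
                raise PermissionError("certificate does not match binding")
        # One-time use: rotate the handle and carry the binding forward.
        del self._tokens[handle]
        new_handle = secrets.token_urlsafe(32)
        self._tokens[new_handle] = record
        return new_handle
```

A failed check leaves the stored token in place here; whether a mismatch should also revoke the token is a policy decision this sketch does not make.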