- reserve a special role for refresh tokens, i.e. _REFRESH
- add a scope object to the token and move the roles declaration into scope. Only access tokens have the roles property, refresh tokens have a property refresh set to true. See example below.
According to the RFC: https://tools.ietf.org/html/rfc6749#section-1.4
https://tools.ietf.org/html/rfc6749#section-1.5
This implies that refresh tokens shouldn't be valid to access resources but only to get new access tokens.
At this moment Micronaut allows access to resources using accessTokens.
Review how other implementations manage this.
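The following is an added example, not Micronaut code and not from the issue author, of how a resource server could enforce the second option above: access tokens carry `scope.roles`, refresh tokens carry `scope.refresh` set to true, and anything else is rejected. The class and method names (`TokenUseCheck`, `classify`, `mayAccessResource`, `mayRefresh`) are hypothetical, the exact claim layout is an assumption, and the claims are assumed to come from a token whose signature and expiry have already been verified.

```java
import java.util.List;
import java.util.Map;

// Added example, not Micronaut code. Assumed claim layout (Java 9+ for Map.of):
//   access token : {"scope": {"roles": [...]}}
//   refresh token: {"scope": {"refresh": true}}
public class TokenUseCheck {

    enum TokenUse { ACCESS, REFRESH, INVALID }

    // Classify claims whose signature and expiry were already verified.
    // Anything ambiguous is INVALID, so the checks below fail closed.
    static TokenUse classify(Map<String, Object> claims) {
        Object raw = claims.get("scope");
        if (!(raw instanceof Map)) return TokenUse.INVALID;   // no scope object
        Map<?, ?> scope = (Map<?, ?>) raw;
        boolean refresh = Boolean.TRUE.equals(scope.get("refresh"));
        boolean hasRoles = scope.get("roles") instanceof List;
        if (refresh) return hasRoles ? TokenUse.INVALID : TokenUse.REFRESH;
        // A non-boolean or false "refresh" next to roles is malformed, not an access token.
        return hasRoles && !scope.containsKey("refresh") ? TokenUse.ACCESS : TokenUse.INVALID;
    }

    // Resource endpoints accept access tokens only.
    static boolean mayAccessResource(Map<String, Object> claims, String requiredRole) {
        if (classify(claims) != TokenUse.ACCESS) return false;
        List<?> roles = (List<?>) ((Map<?, ?>) claims.get("scope")).get("roles");
        return roles.contains(requiredRole);
    }

    // The token endpoint accepts refresh tokens only.
    static boolean mayRefresh(Map<String, Object> claims) {
        return classify(claims) == TokenUse.REFRESH;
    }

    public static void main(String[] args) {
        // Constructed sample claims.
        Map<String, Object> access = Map.of("sub", "alice",
                "scope", Map.<String, Object>of("roles", List.of("ROLE_USER")));
        Map<String, Object> refresh = Map.of("sub", "alice",
                "scope", Map.<String, Object>of("refresh", true));
        Map<String, Object> mixed = Map.of("sub", "alice",
                "scope", Map.<String, Object>of("roles", List.of("ROLE_USER"), "refresh", true));

        System.out.println("access  -> resource: " + mayAccessResource(access, "ROLE_USER"));
        System.out.println("refresh -> resource: " + mayAccessResource(refresh, "ROLE_USER"));
        System.out.println("refresh -> token endpoint: " + mayRefresh(refresh));
        System.out.println("access  -> token endpoint: " + mayRefresh(access));
        System.out.println("mixed   -> " + classify(mixed));
    }
}
```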