Skip to content

Refresh id tokens #751

New issue
New issue
Closed
#752
Closed
Refresh id tokens#751
#752
Labels
BugOAuth2-ProviderThis impact the provider part of OAuth2
@nsklikas

Description

@nsklikas
nsklikas
opened on Mar 8, 2021

Describe the feature
It is not possible with the current implementation to issue ID tokens on refresh.

Additional context

The refresh token modifiers (https://github.com/oauthlib/oauthlib/blob/master/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py#L66) take only 1 argument while the authorization code modifiers take 3 (https://github.com/oauthlib/oauthlib/blob/master/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py#L308).

The modifier function add_id_token used to add id tokens in the OIDC token response is not compatible with the refresh token's modifier interface.

I see no reason to have that behavior. If there are no objections I can go ahead and create a PR that will harmonize the modifier arguments and add ID tokens to the refresh token responses for OIDC out of the box.

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugOAuth2-ProviderThis impact the provider part of OAuth2

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions