Describe the bug
I'm not sure why, but the refresh_token is not being returned from the saveToken call for the client_credentials grant. I've tried to poke through the RFC to see if there's anything that says a refresh token should not be returned, and I don't see anything. But in the code of client-credentials-grant-type.js#saveToken, you are definitely not returning a refresh token, whereas authorization-code-grant-type.js#saveToken does.
To Reproduce
Steps to reproduce the behavior:
- Make an oauthServer.token call with the client_credentials grant and notice there is no refresh token being generated, as described above.
- Repeat the process for the authorization_code grant type and it is generated. I feel like this may be a miss.
Expected behavior
A refresh token should be returned for all token requests, regardless of the grant type used.