Profile config flag refreshTokensEnabled not honored by the token flow

Description

The profile configuration flag/predicate for enabling refresh tokens is not honored by the token flow. Refresh tokens are thus issued whenever the RP metadata and the requested scope permit issuance, even though the profile configuration would deny it.
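The failure mode described above, and the two-part fix recorded in the activity below (an activation condition on the issuing action, plus a grant check), modelled as an added example. This is illustrative code written for this page, not Shibboleth IdP code: the class names, function names, request fields and token values are constructed. It shows why the profile flag must be ANDed with the RP metadata and scope checks so that the most restrictive layer wins, and why it has to gate both the issuance path and the refresh_token grant path.

```python
"""Added illustration, not Shibboleth IdP code: the refresh-token decision must AND
every policy layer (profile configuration, RP metadata, requested scope), and the
profile flag must gate both the issuance path and the refresh_token grant path.
All class, function and token names here are constructed for the example."""
from dataclasses import dataclass

OFFLINE_SCOPE = "offline_access"  # the OIDC scope that requests a refresh token


@dataclass(frozen=True)
class ProfileConfig:
    # The per-profile flag that the issue reports as being ignored.
    refresh_tokens_enabled: bool


@dataclass(frozen=True)
class RpMetadata:
    client_id: str
    grant_types: frozenset = frozenset({"authorization_code"})


def rp_and_scope_permit(rp: RpMetadata, scopes: set) -> bool:
    """The two checks the token flow performed before the fix."""
    return "refresh_token" in rp.grant_types and OFFLINE_SCOPE in scopes


def issue_refresh_token(profile: ProfileConfig, rp: RpMetadata, scopes: set, *, fixed: bool) -> bool:
    """Buggy behaviour consults only RP metadata and scope; the fixed behaviour
    adds the profile flag as an activation condition, so the most restrictive
    layer always wins."""
    if fixed and not profile.refresh_tokens_enabled:
        return False
    return rp_and_scope_permit(rp, scopes)


def grant_permitted(profile: ProfileConfig, rp: RpMetadata, grant_type: str, *, fixed: bool) -> bool:
    """Grant validation. The fixed variant rejects refresh_token grants when the
    profile disables refresh tokens, so tokens issued earlier (or under another
    profile) cannot be redeemed; the buggy variant checks RP metadata only."""
    if fixed and grant_type == "refresh_token" and not profile.refresh_tokens_enabled:
        return False
    return grant_type in rp.grant_types


def token_endpoint(profile: ProfileConfig, rp: RpMetadata, request: dict, *, fixed: bool = True) -> dict:
    """Minimal token endpoint model covering the two grant types this issue
    touches. Returns an RFC 6749-shaped response dict."""
    grant_type = request["grant_type"]
    scopes = set(request.get("scope", "").split())
    if not grant_permitted(profile, rp, grant_type, fixed=fixed):
        return {"error": "unauthorized_client"}
    if grant_type == "authorization_code":
        response = {"access_token": "constructed-access-token", "token_type": "Bearer"}
        if issue_refresh_token(profile, rp, scopes, fixed=fixed):
            response["refresh_token"] = "constructed-refresh-token"
        return response
    if grant_type == "refresh_token":
        # Redemption path: a new access token; token rotation is left out of the model.
        return {"access_token": "constructed-access-token-2", "token_type": "Bearer"}
    return {"error": "unsupported_grant_type"}


if __name__ == "__main__":
    # Constructed sample: refresh tokens disabled in the profile, but the RP
    # metadata allows the grant and the request asks for offline_access.
    profile_off = ProfileConfig(refresh_tokens_enabled=False)
    rp = RpMetadata("client-a", frozenset({"authorization_code", "refresh_token"}))
    code_req = {"grant_type": "authorization_code", "code": "constructed-code",
                "scope": "openid offline_access"}
    refresh_req = {"grant_type": "refresh_token", "refresh_token": "constructed-refresh-token"}
    for fixed in (False, True):
        print("fixed" if fixed else "buggy",
              token_endpoint(profile_off, rp, code_req, fixed=fixed),
              token_endpoint(profile_off, rp, refresh_req, fixed=fixed))
```

Running the block prints the buggy response (a refresh_token in the code exchange and a successful redemption) beside the fixed one (no refresh_token, and the refresh_token grant rejected). The second check matters for a deployment that flips the flag off after tokens have already been handed out: without it, issuance stops but existing tokens stay redeemable.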

Environment

None

Activity

Henri Mikkonen, March 18, 2022 at 7:09 AM

Modified the ValidateGrant action to not allow refresh_token grants when refresh tokens are disabled in the profile configuration.

Henri Mikkonen, March 17, 2022 at 10:28 AM

Added an activation condition for the SetRefreshTokenToResponseContext action: the action is run only if the profile configuration flag for refresh tokens is enabled.

Fixed

Created March 17, 2022 at 10:24 AM
Updated April 15, 2022 at 5:32 PM
Resolved March 18, 2022 at 7:09 AM