Implit grant does not support the issuance of refresh tokens

Question

Implit grant does not support the issuance of refresh tokens

tsuyoshizawa opened this issue 9 years ago · comments

Tsuyoshi Yoshizawa commented 9 years ago

http://tools.ietf.org/html/rfc6749#section-4.2

The implicit grant type is used to obtain access tokens (it does not support the issuance of refresh tokens)

The authorization server MUST NOT issue a refresh token.

We should not return refresh token in response when grant is Implicit
ImplicitGrantHandler should not call AuthorizationHandler#refreshAccessToken

Tsuyoshi Yoshizawa · Answer 1 · Sun Jul 26 2015 20:53:03 GMT+0800 (China Standard Time)

@satabin Is this specification correct, right?
Then, I will fix this problem.

Lucas Satabin · Answer 2 · Sun Jul 26 2015 21:02:45 GMT+0800 (China Standard Time)

Right, I missed this point. Refresh token are indeed not issued in this flow.