Implicit grant does not support the issuance of refresh tokens
tsuyoshizawa opened this issue
Tsuyoshi Yoshizawa commented
http://tools.ietf.org/html/rfc6749#section-4.2
The implicit grant type is used to obtain access tokens (it does not support the issuance of refresh tokens)
The authorization server MUST NOT issue a refresh token.
- We should not return a refresh token in the response when the grant is Implicit
- ImplicitGrantHandler should not call AuthorizationHandler#refreshAccessToken
Tsuyoshi Yoshizawa commented
@satabin This specification is correct, right?
Then, I will fix this problem.
Lucas Satabin commented
Right, I missed this point. Refresh tokens are indeed not issued in this flow.
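
A black-box conformance check for the behaviour discussed in this issue, added here as an example (it is not part of the thread or the project's code): it parses an implicit grant redirect and reports a `refresh_token` in the response, along with the other response requirements of RFC 6749 section 4.2.2. The function name, the sample URIs and the `client.example` host are constructed for illustration.

```python
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# Parameters RFC 6749 section 4.2.2 marks REQUIRED in an implicit grant response.
REQUIRED = ("access_token", "token_type")


def check_implicit_response(redirect_uri: str,
                            sent_state: Optional[str] = None) -> List[str]:
    """Return the conformance problems found in an implicit grant redirect URI."""
    parts = urlsplit(redirect_uri)
    problems = []

    # The implicit grant delivers its parameters in the fragment, not the query.
    query = parse_qs(parts.query)
    for name in ("access_token", "refresh_token"):
        if name in query:
            problems.append(f"{name} in query string instead of fragment")

    frag = parse_qs(parts.fragment, keep_blank_values=True)
    for name in REQUIRED:
        if not frag.get(name, [""])[0]:
            problems.append(f"missing {name}")

    # Section 4.2: the authorization server MUST NOT issue a refresh token.
    if "refresh_token" in frag:
        problems.append("refresh_token issued in implicit grant response")

    # state is REQUIRED in the response if it was present in the request.
    if sent_state is not None and frag.get("state", [None])[0] != sent_state:
        problems.append("state missing or mismatched")
    return problems


# Constructed sample redirects (not captured from a real server).
GOOD = ("https://client.example/cb#access_token=SAMPLE-AT"
        "&token_type=Bearer&expires_in=3600&state=xyz")
BAD = ("https://client.example/cb#access_token=SAMPLE-AT"
       "&token_type=Bearer&expires_in=3600&refresh_token=SAMPLE-RT&state=xyz")

if __name__ == "__main__":
    for uri in (GOOD, BAD):
        print(check_implicit_response(uri, sent_state="xyz") or "conformant")
```
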