oauth2: Check application's granted audience on refresh #325
Comments
aeneasr
added a commit
that referenced
this issue
Nov 3, 2018
This patch resolves several issues regarding the refresh flow. First, an issue has been resolved which caused the audience to not be set in the refreshed access tokens. Second, scope and audience are validated against the client's whitelisted values and if the values are no longer allowed, the grant is canceled. Closes #331 Closes #325 Closes #324
aeneasr
added a commit
that referenced
this issue
Nov 3, 2018
This patch resolves several issues regarding the refresh flow. First, an issue has been resolved which caused the audience to not be set in the refreshed access tokens. Second, scope and audience are validated against the client's whitelisted values and if the values are no longer allowed, the grant is canceled. Closes #331 Closes #325 Closes #324
budougumi0617
added a commit
to budougumi0617/fosite
that referenced
this issue
May 10, 2019
This patch resolves several issues regarding the refresh flow. First, an issue has been resolved which caused the audience to not be set in the refreshed access tokens. Second, scope and audience are validated against the client's whitelisted values and if the values are no longer allowed, the grant is canceled. Closes ory#331 Closes ory#325 Closes ory#324
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No description provided.
The text was updated successfully, but these errors were encountered: