Skip to content

add refresh token to client_credentials saveToken #351

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

add refresh token to client_credentials saveToken #351

wants to merge 1 commit into from

Conversation

z1haze
Copy link

@z1haze z1haze commented Jun 2, 2025

Summary

TLDR: fixes #350

For some reason, the library doesn't include the refresh token when saving the access token during client_credentials flows, but it does for the authorization_code flow. In the event that you need to generate tokens for anonymous users (guests), the client credentials grant is necessary, and the refresh token should be provided.

Linked issue(s)

#350

Involved parts of the project

client_credentials grant flow

Added tests?

No tests

OAuth2 standard

https://datatracker.ietf.org/doc/html/rfc6749#appendix-A.17 (page 44)
https://www.oauth.com/oauth2-servers/access-tokens/access-token-response/ (refresh token section)

Reproduction

Issue a token using client_credentials grant and see the refresh token now exists as it does for the authorization_code grant

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

refresh_token missing for client_credentials grant
1 participant
@z1haze