Commit graph

3 commits

Author SHA1 Message Date
Bobby Rullo
75473b4cba refresh tokens: grant claims based on scopes
Before,  this logic was only in the OIDCServer.CodeToken() method; now it has been
pulled out so that other paths, like OIDCServer.RefreshToken() can use
it.

The net affect, is that now refresh tokens can be used to get
cross-client authenticated ID Tokens.
2016-06-14 14:14:36 -07:00
Bobby Rullo
e71c5086ba server: CodeToken now does Cross-Client auth 2016-06-07 17:22:41 -07:00
Bobby Rullo
9b4740862c server: /auth accepts, validates X-client scopes 2016-06-07 17:16:11 -07:00