updated newly-registered clients to not get refresh tokens unless they ask for offline_access scope explicitly
parent
0e9273fd08
commit
0e2d5830a4
|
@ -91,7 +91,7 @@ public class ClientDynamicRegistrationEndpoint {
|
|||
|
||||
// set default grant types if needed
|
||||
if (newClient.getGrantTypes() == null || newClient.getGrantTypes().isEmpty()) {
|
||||
newClient.setGrantTypes(Sets.newHashSet("authorization_code", "refresh_token")); // allow authorization code and refresh token grant types by default
|
||||
newClient.setGrantTypes(Sets.newHashSet("authorization_code")); // allow authorization code grant type by default
|
||||
}
|
||||
|
||||
// set default response types if needed
|
||||
|
|
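Review bot: The narrowed default only takes effect when the registration request omits grant types; a request that lists `refresh_token` itself skips the `if (newClient.getGrantTypes() == null || newClient.getGrantTypes().isEmpty())` branch, so nothing in this hunk ties refresh tokens to the `offline_access` scope named in the commit title. The method continues outside the hunk, so that link may be enforced further down. If it is not, a dynamically registered client can still obtain long-lived refresh tokens just by listing the grant type. I would add a check after this block that drops or rejects `refresh_token` when the requested scopes do not include `offline_access`. I would also reword the trailing comment to `// default to authorization_code only; refresh_token must be requested explicitly`.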