updated newly-registered clients to not get refresh tokens unless they ask for offline_access scope explicitly

pull/324/merge
Justin Richer 2013-04-19 15:40:20 -04:00
parent 0e9273fd08
commit 0e2d5830a4
1 changed files with 1 additions and 1 deletions

View File

@ -91,7 +91,7 @@ public class ClientDynamicRegistrationEndpoint {
// set default grant types if needed
if (newClient.getGrantTypes() == null || newClient.getGrantTypes().isEmpty()) {
newClient.setGrantTypes(Sets.newHashSet("authorization_code", "refresh_token")); // allow authorization code and refresh token grant types by default
newClient.setGrantTypes(Sets.newHashSet("authorization_code")); // allow authorization code grant type by default
}
// set default response types if needed