github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

updated newly-registered clients to not get refresh tokens unless they ask for offline_access scope explicitly

pull/324/merge
Justin Richer 2013-04-19 15:40:20 -04:00
parent 0e9273fd08
commit 0e2d5830a4
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java
View File

@ -91,7 +91,7 @@ public class ClientDynamicRegistrationEndpoint {
// set default grant types if needed // set default grant types if needed
if (newClient.getGrantTypes() == null || newClient.getGrantTypes().isEmpty()) { if (newClient.getGrantTypes() == null || newClient.getGrantTypes().isEmpty()) {
newClient.setGrantTypes(Sets.newHashSet("authorization_code", "refresh_token")); // allow authorization code and refresh token grant types by default newClient.setGrantTypes(Sets.newHashSet("authorization_code")); // allow authorization code grant type by default
} }
// set default response types if needed // set default response types if needed