updated configuration, confirmed works pending SECOAUTH-299

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java

@@ -113,6 +113,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 	    	// attach the authorization so that we can look it up later
 	    	token.setAuthentication(authentication);
 	    	
+	    	// TODO: tie this to the offline_access scope
 	    	// attach a refresh token, if this client is allowed to request them
 	    	if (client.isAllowRefresh()) {
 	    		OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity(); //refreshTokenFactory.createNewRefreshToken();

spring-security-oauth

@@ -1 +1 @@
-Subproject commit 2a3e2636d0c85620fbd495b40c5ef8fe11a94eba
+Subproject commit 0465c6ebbf301a368d183cb548339a9c7d3fa4df