hackerman
hackerman
Haha I just closed another issue for this recently - sounds good :)
PATCH is now available!
1. `offline_access` is an OpenID Connect standard - removing it would break certification. The current behaviour is correct. 2. The linked blog post explains something unrelated - refresh token rotation...
I see, but I don't understand the problem. When would you not be able to send that scope along in the request? Using an SPA does not prevent you from...
I see - so you want the refresh token only to be granted as long as the user is signed in in Ory Hydra? Are you looking at a first-party...
> I'd rather made offline_access allowed until consent is expired and online_access allowed until login is expired. So in Ory Hydra it's not easy to tell when the login is...
> I read this of course, but I think this would become not so true as the approach of using refresh_tokens in SPA instead of silent refresh (prompt=none) becomes more...
Thank you @bigred8982 - this is essentially what Ory Hydra is capable of since several years. You can use authorize code with public clients in Ory Hydra. Refresh tokens are...
Thank you, this looks great! The CI is failing because some files are formatted incorrectly. To format them, run: ``` $ make format $ git commit -a -m "styles: format...