Andrew Millington

Thanks for the discussion guys. I think this is something we should look to do. I'm not sure on timings yet but will flag this as an improvement and reopen...

I've checked and this is correct. The resultant identifier is 80 although I see how this can be confusing passing a length of 40.

I think this is probably something we do need to overcome, especially if we are to make it easier to add custom claims to JWTs as has been mentioned in...

While having a new method in the validator to create the http response would be the easiest solution, I don't believe it is the correct solution as it will muddy...

Sorry yep, I'd misread there :)

There is a PR in for this already which I am going to get added in with the next major version :+1:

@GreyXor I am. That's great to hear. Main reason it takes so long is just the checking it complies with the RFC. If you've noticed any discrepancies in this regard...

It looks like we should be issuing the refresh token with the same scopes as the original, regardless of what scopes were requested. I think this should probably be changes...

Hey @lordrhodos - thanks for your PR here. I've had a wee read around this and I'm not sure this would be something we would include in the package. It...

Thanks for the explanation and thanks for pointing to the previous comment. From my readings, my understanding is that unless you have a specific requirement for interoperability with UUID, random_bytes...