Michael DOUBEZ

Hello, Thanks for the work. You can ignore the warnings about secret leaking, they are mostly irrelevant. I'll check the concurrency issue but if the information is local to a...

@krezovic the change looks good to me. What bothers me most is the idtoken kept in the session information. It should be removed and kept only in the credentials but...

@krezovic conflicts needs to be resolved. IMHO we can merge it as it is.

@krezovic I have been working on the merge, I should be able to contribute it before the end of the week

See https://github.com/michael-doubez/oic-auth-plugin/tree/token_refresh Note: some unit test still to adapt/fix

I'll have to check if the code still has the issue. If that's the case, the refresh is a good time to renew user info.

Yes, that one in on my "what's next" list. I am investigating the use use of `filter` which seems to be called whenever an access occurs. I ve not yet...

Hello Gladly. Implementation should not assume an offline or refresh token is available. There should also be a configurable renewal interval.

I solved the conflicts and made fixes in pull request #39