spring-security icon indicating copy to clipboard operation
spring-security copied to clipboard
verified publisher icon spring-projects

Add custom or generic request validator for refresh token grant

Open anekar422221 opened this issue 10 months ago • 1 comments

Expected Behavior Similar to OAuth2ClientCredentialsAuthenticationValidator there should be a validator for Refresh token grant

Current Behavior Currently there is no support for validating the request parameters for the RefreshToken grant.

Context In our particular use case, I would like to validate the scopes that are passed in the request as params, against the registered client's scopes during the flow.

Not only scopes, we also want to validate several other request params which are needed for our use-cases like - validating the tenant information of refresh token so that I can prevent cross-tenant refresh token exchange. That is the reason I am looking for a request validator similar to what you have shared above.

anekar422221 avatar Mar 20 '25 04:03 anekar422221

This issue was transferred from spring-projects/spring-authorization-server (see spring-authorization-server#2195)

jgrandja avatar Dec 04 '25 16:12 jgrandja