id_token not returned after request at the /oauth2/token endpoint using the refresh_token #794

@samechelon

Hi @arekkas,
I'm currently doing some work on this project and we are having some issues getting the id_token after the request to the /oauth2/token endpoint using the refresh_token.

As you said to me on Discord, the id_token should be re-issued after using the refresh_token, so I tried to use your hydra-consent-app-go to be sure that was some error on my end of configuration or even added code, but I still don't get the id_token in the response to the request at the endpoint.

We are using the Authorization Code Grant Flow

After giving consent to the scopes (in this case just openid and offline) we got the code and made the request to the /oauth2/token endpoint to retrieve id_token, access_token, refresh_token

This is the request

```
POST /oauth2/token HTTP/1.1
Host: localhost:4444
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Authorization: Basic bXktaWQ6
Cache-Control: no-cache

grant_type=authorization_code&code=Y2Iehq_hgnuLbqfJaKifu98kdVCgAsUKi4E9S37GBTM.7zCk0Dsk4j40ZuHqHxJXq4aFDT7pvUWUedoa8PDFxZw
```

This is the response

```json
{
    "access_token": "DNpM5N3DLfDxj8gGQHZEcjn-ACknw2ozx8_v2sHuK6w.S3CMUaf2eXnZiyXaGK-8gsg894gCOrFElbGKVTpKVoU",
    "expires_in": 179,
    "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYyIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJteS1pZCIsImF1dGhfdGltZSI6MTUxOTczOTEwNiwiZXhwIjoxNTE5NzM5Mjg2LCJpYXQiOjE1MTk3MzkxMjQsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6NDQ0NCIsIm5vbmNlIjoiYmM5ZDE4NzAtNjJjMS00NTMyLWEyMDctOTY2ZmUyNzQ1OTRlIiwicmF0IjoxNTE5NzM5MTA2LCJzdWIiOiJwb2l1eXRyZXdxIn0.WrFspjZBL-_1rP1jt4hOmoxySyZWtJcyCqjapnoUps8bjGMZD0ry2kWUnZfnLabn5-fAFFc5Qmvcet4Bo1HgApoYD4Z9SSsCB5-BGliSdzGTmaxH35mlzLYMTMdsMjxG9gSE1oeexY5XwkHbyd-pW2SSQE-pGHXnklKZF8TUqWYzuTqRH3wJKTyXudDiVnxGMt5_bE2y9Upx-hyQurqUSW1DzKScfvRzO1_meyQ5hfS12kXRgtU2N4VzKxqDKAloDLRSGL_rhxukd3vBDNnlcvuSBxX7sXY7mRCLcjdzu8K-YWcpe7mIJR-G68w5j3McwS8DGmSqS1KepS4CGEJI93ZsFWJ9ZsZj21AlOvQ-y8W5KfwI08971mT_9JCuvbDyr-SOSP8w-G56G0UR3qDWj3TbnRrrYSmhFmX8PffHQu9XkfM0t1usQBz-qje9ebXbPpxnmy8np-_QI7IfV3s1ifYTXbOrejop-CjS8WwynsAU8wMuD9l51yg4NqLHKIrXBfuKimrvxpW3aQQSFT6Q5JguCzbSdRV66Q5niEiCV7jc5HWQfOJhsI9c0uzYqkH_wz7UnnmAm1zRTc0_Ybcvyr9_atKXgGpoB7WhZECNBfMX8h101xkiaY4hd6o33eWl3Lr9PVp_IAUz7H7zdIru5yYbGUbIi8cmyJxLpEytgz4",
    "refresh_token": "F0BRebxWerAiisrzdlDrknzFccJ7FEvBSlelaygZnWY.EV2ul08rjoKuLMAhTpS6-s2A5bmS_ExzlqfBO-A17QY",
    "scope": "openid offline",
    "token_type": "bearer"
}
```

Then, make the request at the /oauth2/token endpoint using the refresh_token

This is the request:

```
POST /oauth2/token HTTP/1.1
Host: localhost:4444
Authorization: Basic bXktaWQ6
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache

grant_type=refresh_token&refresh_token=9F0BRebxWerAiisrzdlDrknzFccJ7FEvBSlelaygZnWY.EV2ul08rjoKuLMAhTpS6-s2A5bmS_ExzlqfBO-A17QY&response_type=id_token+token
```

This is the response

```json
{
    "access_token": "n7erXSVEenLmt25BH6xpRR94LCy7NppGWvOr4XeIA08.jKpzNAwbkkiraC-yN_GSI154tr-S76OdZcpBFhbH98c",
    "expires_in": 179,
    "refresh_token": "_jK60Cs79k00xkfhBe-U3rfWZy0Gbj2s3BYmPyPXH6o.Ugne7F_For3FP1YnGru6R-sJUYwTenHbrC_mZUA59Zk",
    "scope": "openid offline",
    "token_type": "bearer"
}
```

Recapping
id_token is not returned in the response to /oauth2/token using the refresh_token

Is it wanted?
If it is wanted, is there any way to retrieve it?

The id_token has to be returned in the response?
If it has to be returned and in this case it isn't, what can it be?
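
A client-side check for the situation reported above, as an added example that is not part of the original issue or of Hydra's code: it flags a refresh response that grants `openid` but carries no `id_token`, and, when one is returned, compares `iss`, `sub` and `aud` with the original ID token. `parse` and `CheckRefresh` are hypothetical names, the sample responses are constructed, and the JWT payload is only decoded, not signature-verified.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// parse reads a token response; id_token claims are decoded WITHOUT verifying the signature.
func parse(body string) (scope string, c map[string]interface{}, err error) {
	var r struct{ IDToken string `json:"id_token"`; Scope string `json:"scope"` }
	if err = json.Unmarshal([]byte(body), &r); err != nil || r.IDToken == "" {
		return r.Scope, nil, err
	}
	parts := strings.Split(r.IDToken, ".")
	if len(parts) != 3 {
		return r.Scope, nil, fmt.Errorf("id_token is not a compact JWT")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &c)
	}
	return r.Scope, c, err
}

// CheckRefresh (hypothetical helper) compares a refresh-grant response with the initial one.
func CheckRefresh(initial, refreshed string) ([]string, error) {
	_, oldC, err1 := parse(initial)
	scope, newC, err2 := parse(refreshed)
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("cannot parse responses: %v / %v", err1, err2)
	}
	var findings []string
	if newC == nil && strings.Contains(" "+scope+" ", " openid ") {
		findings = append(findings, "openid granted but id_token missing")
	}
	for _, k := range []string{"iss", "sub", "aud"} {
		if newC != nil && fmt.Sprint(oldC[k]) != fmt.Sprint(newC[k]) {
			findings = append(findings, k+" differs from the original id_token")
		}
	}
	return findings, nil
}

func main() {
	// Constructed responses shaped like the two in the issue (tokens shortened, unsigned).
	fmt.Println(CheckRefresh(`{"scope":"openid offline","id_token":"h.eyJzdWIiOiJhIn0.s"}`, `{"scope":"openid offline"}`))
}
```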

Labels: bug (Something is not working.)