Re: [Unity-idm-discuss] Issue on fetching new access tokens from (public) OAuth clients using upstr

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi Sander,

W dniu 6.10.2025 o 13:58, Sander Apweiler pisze:
> Hi Krzysztof,
> hi Roman,
>
> we encountered an issues where a public OAuth client gets error, when
> it tries to get a new access and refresh token, using a refresh token.
> The output translation profile creates an error because it can not
> access upstreamACRs. Which might make sense, since in using refresh
> tokens you do not have an upstream ACR. Would it make more sense to
> store the information from the original login and send the result
> instead of trying to resolve it again?
>
> I assume the same issue comes up for confidential clients.
>
You are right: upstreamACR and several other variables in the output 
profile are not accessible during token refresh.

I'd like to understand your question better. Do you suggest the output 
profile provides information from the original authN (which happened 
during initial access token creation)?

Or rather to expose information from the refreshed token? Or just that 
this is token refresh?

Thank you,
Krzysztof

Re: [Unity-idm-discuss] Issue on fetching new access tokens from (public) OAuth clients using upstr

Identity management and federations integration

Re: [Unity-idm-discuss] Issue on fetching new access tokens from (public) OAuth clients using upstreamACRs in output translation profile