Bad parameter name : don't set oidcRPMetaDataOptionsRefreshToken when you want to use refresh_token
Here is the strange code:
elsif ( $self->rpOptions->{$rp}->{oidcRPMetaDataOptionsRefreshToken} ) {
my $refreshTokenSession = $self->newRefreshToken(
$rp,
{
redirect_uri => $codeSession->data->{redirect_uri},
scope => $scope,
client_id => $client_id,
user_session_id => $codeSession->data->{user_session_id},
grant_type => "authorizationcode",
},
0,
);
The "0" disable the use of oidcServiceOfflineSessionExpiration
(or oidcRPMetaDataOptionsOfflineSessionExpiration
) so refresh_token
timeout is set to $conf->{timeout}
.
@maxbes, @clement_oudot: is it normal or a bug ?