Token Response in token exchange should include issued_token_type
#4630
Comments
Here are some different approaches with varying degrees of appropriateness: Add an optional argument to
Medplum's OAuth token endpoint at `https://${YOUR_INSTANCE:-api.medplum.com}/oauth/token` implements the Token Exchange RFC (or some significant parts of it). According to RFC-, the endpoint's successful token exchange should return a token response with a required `issued_token_type`:

Medplum's server currently does not do this. Based on my interpretation of that description and the resulting `access_token` I've received in my own local self-hosted instance, I think `issued_token_type` should be populated and probably with the `"urn:ietf:params:oauth:token-type:access_token"` value (`OAuthTokenType.AccessToken`).

Implementation suggestion

Perhaps sendTokenResponse could be amended to attach additional properties to the token response.
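
The following is an added example, not part of the original issue and not Medplum's code. It shows a response builder that accepts extra properties and fills in `issued_token_type` for the token exchange grant, next to a client-side check for the fields the Token Exchange RFC requires in a successful response. The names `buildTokenResponse`, `checkTokenExchangeResponse` and `sampleResponse` are hypothetical, and defaulting to the access token URN follows the value proposed in the issue.

```typescript
// Added example; every name here is hypothetical, not Medplum's API.
const TOKEN_EXCHANGE_GRANT = 'urn:ietf:params:oauth:grant-type:token-exchange';
const ACCESS_TOKEN_TYPE = 'urn:ietf:params:oauth:token-type:access_token';

type TokenResponse = Record<string, unknown>;

// Constructed sample: a token exchange response without issued_token_type,
// the shape the issue reports.
const sampleResponse: TokenResponse = {
  access_token: 'constructed-access-token',
  token_type: 'Bearer',
  expires_in: 3600,
};

// Server side: merge extra properties into the token response and, for the
// token exchange grant only, default issued_token_type to the access token URN.
function buildTokenResponse(
  base: TokenResponse,
  grantType: string,
  extra: TokenResponse = {}
): TokenResponse {
  const body: TokenResponse = { ...base, ...extra };
  if (grantType === TOKEN_EXCHANGE_GRANT && body['issued_token_type'] === undefined) {
    body['issued_token_type'] = ACCESS_TOKEN_TYPE;
  }
  return body;
}

// Client side: list what is wrong with a token exchange response.
// expectedType is the token type the caller is prepared to use.
function checkTokenExchangeResponse(body: TokenResponse, expectedType: string): string[] {
  const problems: string[] = [];
  for (const field of ['access_token', 'issued_token_type', 'token_type']) {
    const value = body[field];
    if (typeof value !== 'string' || value.length === 0) {
      problems.push(`missing required field: ${field}`);
    }
  }
  const issued = body['issued_token_type'];
  if (typeof issued === 'string' && issued.length > 0 && issued !== expectedType) {
    problems.push(`unexpected issued_token_type: ${issued}`);
  }
  return problems;
}

console.log(checkTokenExchangeResponse(sampleResponse, ACCESS_TOKEN_TYPE));
console.log(checkTokenExchangeResponse(
  buildTokenResponse(sampleResponse, TOKEN_EXCHANGE_GRANT), ACCESS_TOKEN_TYPE));
```

A client that checks `issued_token_type` against the type it asked for avoids treating some other kind of token as a bearer access token.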