[openstreetmap/openstreetmap-website] Add OAuth Refresh token when `openid` scope is used (PR #5497)
David Karlaš
notifications at github.com
Mon Jan 20 10:51:07 UTC 2025
I did some more investigation into this, and I agree using `id_token` as way to login into 3rd party service is not very standardized way of doing things, here is rare example of that being done: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens
While investigating 3rd option of exchanging `id_token` for `access_token` on 3rd party service seems most common way of doing things, which can be done today without adding `refresh_token`, only downside will be that Mobile app needs to acquire `access_token` as soon as user logs in and not later when actually needed.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5497#issuecomment-2602084402
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/pull/5497/c2602084402 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20250120/a2e711af/attachment.htm>
More information about the rails-dev
mailing list