Add custom or generic request validator for refresh token grant #1941

anekar422221 · 2025-03-20T04:59:55Z

Expected Behavior
Similar to OAuth2ClientCredentialsAuthenticationValidator there should be a validator for Refresh token grant

Current Behavior
Currently there is no support for validating the request parameters for the RefreshToken grant.

Context
In our particular use case, I would like to validate the scopes that are passed in the request as params, against the registered client's scopes during the flow.

Not only scopes, we also want to validate several other request params which are needed for our use-cases like - validating the tenant information of refresh token so that I can prevent cross-tenant refresh token exchange.
That is the reason I am looking for a request validator similar to what you have shared above.

anekar422221 added the type: enhancement A general enhancement label Mar 20, 2025

jgrandja changed the title ~~Add custom or generic request validator for refresh token grant & other grant~~ Add custom or generic request validator for refresh token grant Mar 21, 2025

OrangeDog mentioned this issue Apr 7, 2025

OAuth2RefreshTokenAuthenticationProvider does not check user or consent #1959

Closed

jgrandja added this to the 2.0.x milestone Apr 9, 2025

OrangeDog mentioned this issue Apr 16, 2025

Redis samples should use the TTL feature #1969

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add custom or generic request validator for refresh token grant #1941

Add custom or generic request validator for refresh token grant #1941

anekar422221 commented Mar 20, 2025

Add custom or generic request validator for refresh token grant #1941

Add custom or generic request validator for refresh token grant #1941

Comments

anekar422221 commented Mar 20, 2025