Update site/content/posts/2022-01-18-idp-refresh-tls-ciphers-for-compliance.md

Co-authored-by: Ryan Richard <rrichard@pivotal.io>
anjalitelang 2022-01-20 10:43:00 -05:00 committed by GitHub
parent 3895312b0f
commit 1f3ad0c0a4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -29,7 +29,7 @@ Supporting OIDC IDP refreshes will require certain changes to the OIDCIdentityP
#### When your OIDC IDP can return refresh tokens (Preferred approach)
If your OIDC IDP can return refresh tokens, it is likely following the recommendations of the OIDC spec as it relates to using the offline_access scope for requesting refresh tokens. In this case, you must add the scope name to the list in the **additionalScopes** setting in the **OIDCIdentityProvider resource**, unless the new default value of that setting takes care of it for you.
If your OIDC IDP can return refresh tokens, it is likely following the recommendations of the OIDC spec as it relates to using the "offline_access" scope for requesting refresh tokens. In this case, you must add the "offline_access" scope name to the list in the **additionalScopes** setting in the **OIDCIdentityProvider resource**, unless the new default value of that setting takes care of it for you.
Note that before this release, the default value of additionalScopes was only "openid" whereas the new default value is to request all of the following scopes: "openid", "offline_access", "email", and "profile". Explicitly setting the *additionalScopes* field will override the default value.
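Review bot: the condition "unless the new default value of that setting takes care of it for you" in the rewritten sentence is still vague, given that the following line states the new default already includes "offline_access" and that explicitly setting the field overrides the default. Consider saying it directly, e.g. "The new default value of additionalScopes already includes "offline_access", so you only need to add it yourself if you explicitly set additionalScopes, since doing so replaces the default list." Also, the field name is bolded as **additionalScopes** in this sentence but italicized as *additionalScopes* in the next line; pick one emphasis style for the field name across the post.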