Shibboleth IDP for OAuth2

Florian Ritterhoff ritterhoff.florian at
Fri Aug 12 17:38:18 UTC 2022

That works fine so far. The only thing I stumbled over is using 
refresh_tokens. Is there an option/way to create a fresh access_token 
using a generated refresh_token?

At the moment the new access_token is an IDP-only token without 
additional audiences (and in consequence without the previously 
requested claims).


Florian Ritterhoff

On 09.08.2022 at 20:45, Cantor, Scott via users wrote:
> On 8/9/22, 2:42 PM, "users on behalf of Florian Ritterhoff" <users-bounces at on behalf of ritterhoff.florian at> wrote:
>>     Yep. That's probably the issue. How can I configure that a resource server is
>> used/identified :) ?
> Look at the client_credentials support documentation, it covers all those features, they work the same for code grants.
> Nominally you need to identify the resource server per the RFC for that, and then you need the right policy and configuration to allow the OP to respond.
> -- Scott