Refresh token response does not contain custom fields from custom token request validator

[rukyoj]

I have an implementation of ICustomTokenRequestValidator in which I add additional data in the custom response. So, when I make request for an access token (using password grant), I'm able to get my custom data in the response. But when I use use the refresh_token grant, I'm unable to get my custom response (even though the ValidateAsync method actually gets called. Is this a bug, or am I supposed to override something else?

[brockallen]

I'm able to get my custom data in the response

What's an example of this custom data, and how in the custom token request validator are you setting this data to be included in the response?

[rukyoj]

public class CustomTokenRequestValidator : ICustomTokenRequestValidator
{
        public Task ValidateAsync(CustomTokenRequestValidationContext context)
        {
            context.Result.CustomResponse = new Dictionary<string, object>
            {
                {"scope", "read" }
            };

            return Task.CompletedTask;
        }
}

Response (with password grant):

{
    "access_token": "73ab04ed8b6e5a91de9129cd339485309f3706ee544cbe3a91aacd1cc034782e",
    "expires_in": 86400,
    "token_type": "Bearer",
    "refresh_token": "9f119581772cab814e956ca11e8c66f8877979d2589d9644c8f4f40e0fdb28df",
    "scope": "read"
}

Response (with refresh_token grant):

{
    "access_token": "9f119581772cab814e956ca11e8c66f8877979d2589d9644c8f4f40e0fdb28df",
    "expires_in": 86400,
    "token_type": "Bearer",
    "refresh_token": "9f119581772cab814e956ca11e8c66f8877979d2589d9644c8f4f40e0fdb28df"
}

[leastprivilege]

OK - I can repro the problem. Need to have a closer look.

[leastprivilege]

Found the bug. Will be included in the next bug fix release.

[leastprivilege]

Thanks for reporting!

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.