Looking at the example apps, I see that the scope offline is being used when asking for a refresh_token. However, the OIDC spec says that the scope should be offline_access.
I’m a bit confused by this, am I missing something here?
1 Like
Both are supported, and it’s documented: https://www.ory.sh/docs/hydra/oauth2#oauth-20-refresh-tokens
Thanks for your fast reply!
I knew that both were supported, I just wanted to know if it’s ok to support the “offline” scope when as far as I see the spec doesn’t mention it at all.