[OIDC] Post-consent authorization in refresh token flow
- BA as OIDC OP (OIDC provider plugin)
- Auth.js as OIDC RP
`client.oauth2.authorize(...)` with `offline_access` scope + `prompt=consent` parameter works the first time (redirects back to client after accepting consent with `client.oauth2.consent(...)`) along with a refresh token, however subsequent requests trigger a 500 error. They work again if I delete the corresponding record in the `oauth_consent` table. What am I doing wrong in the flow? Can share more details as needed (query parameters passed to `.authorize`, etc.)

@hobbescodes 🐅 solved this, we had conflicting logic in `onSuccess`