Support id_token in refresh_token

Issue Description

What version of UAA are you running?

  "app": {
    "version": "4.10.0"
  "links": {
    "uaa": "https://uaa.<...>",
    "login": "https://login.<...>"
  "zone_name": "uaa",
  "entityID": "login.<...>",
  "commit_id": "a4132cb",
  "idpDefinitions": {},
  "prompts": {
    "username": [
    "password": [
  "timestamp": "2018-02-06T10:24:36-0800"

How are you deploying the UAA?

using cf-deployment 1.15.0 on bosh-lite

What did you do?

I’m trying to integrate UAA and Kubernetes with CFCR 0.14.0 using .

It worked to access k8s with the id_token returned by UAA. After the token expired, kubectl used the refresh_token to refresh the token but failed with the following error:

Unable to connect to the server: token response did not contain an id_token, either the scope "openid" wasn't requested upon login, or the provider doesn't support id_tokens as part of the refresh response.

From the doc, refresh token does not seem to support id token.

I’ve also confirmed that the response to the request below didn’t contain an id_token field:

curl -k -v https://uaa.<...>/oauth/token -d client_id=xxxxx -d client_secret=xxxxx -d grant_type=refresh_token -d refresh_token=xxxxx -d response_type=id_token

What did you expect to see? What goal are you trying to achieve with the UAA?

I expected UAA to support id_token in refresh_token in order to refresh token with kubectl.

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 7 (3 by maintainers)

Top GitHub Comments

tnwang commented, May 14, 2018

Thanks for raising this issue. We are aware of this and will be working on it soon.

shamus commented, May 23, 2020

Closing due to inactivity.
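
An added example, not part of the original issue and not UAA or kubectl code: a Python check of a refresh_token grant response for the missing id_token that kubectl reports above, extended to the claim-consistency rules OpenID Connect Core section 12.2 sets for an ID token returned on refresh. The tokens, the issuer URL and the `fake_jwt` helper are constructed for illustration, and signatures are not verified here.

```python
import base64
import json

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified here."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_refresh_response(body, original_id_token):
    """Return a list of problems found in a refresh_token grant response body."""
    resp = json.loads(body)
    if "id_token" not in resp:
        # The case reported in the issue: kubectl cannot continue without it.
        return ["no id_token in refresh response"]
    old, new = jwt_claims(original_id_token), jwt_claims(resp["id_token"])
    problems = []
    # OIDC Core 12.2: these claims must match the ID token from the original login.
    for claim in ("iss", "sub", "aud", "azp", "auth_time"):
        if old.get(claim) != new.get(claim):
            problems.append(f"{claim} changed: {old.get(claim)!r} -> {new.get(claim)!r}")
    if new.get("iat", 0) < old.get("iat", 0):
        problems.append("iat of refreshed id_token predates the original")
    return problems

def fake_jwt(claims):
    """Build an unsigned, constructed JWT for the samples below (hypothetical helper)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed-signature"

# Constructed sample data; issuer, subject and client names are placeholders.
BASE = {"iss": "https://uaa.example.test/oauth/token", "sub": "user-1",
        "aud": ["kubernetes"], "azp": "kubernetes", "auth_time": 1000, "iat": 1000}
ORIGINAL = fake_jwt(BASE)
RESP_NO_ID_TOKEN = json.dumps({"access_token": "a", "refresh_token": "r",
                               "token_type": "bearer", "expires_in": 600})
RESP_OK = json.dumps({"access_token": "a", "id_token": fake_jwt({**BASE, "iat": 2000})})
RESP_SUB_CHANGED = json.dumps(
    {"access_token": "a", "id_token": fake_jwt({**BASE, "sub": "user-2", "iat": 2000})})

if __name__ == "__main__":
    for name in ("RESP_NO_ID_TOKEN", "RESP_OK", "RESP_SUB_CHANGED"):
        print(name, check_refresh_response(globals()[name], ORIGINAL))
```

A client that accepts a refreshed id_token should still verify its signature and expiry as it would at login; this check covers only presence and claim continuity.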
