Hello,
I have the following problem. Using authorization code flow I get an id token with groups claim(there are access and refresh tokens as well), but when I refresh the tokens using the refresh token I get the id token without the groups claim.
From what I’ve read here and here I understand that in the first case I get fat id token and in second one I get minimal id token. Unfortunately according to the documentation that shouldn’t be so, because I supply openid scope which should give me a minimal token, but I get fat token and on refresh I get neither fat token nor minimal token, but something in the middle, because I have profile data, but missing group claims.
What I need is that in both cases(token request and refreshing token) to receive id token with groups claim. Could you help me understand what I’m missing from the documentation, as what I understand doesn’t appear to be what I see?
Here’re the response messages for reference(I’ve decoded the access and id tokens):
Authorization:
Token request (id token with groups claim):
Token refresh (id token without groups claim):