
Add custom or generic request validator for refresh token grant #1941

Open
@anekar422221


Expected Behavior
Similar to OAuth2ClientCredentialsAuthenticationValidator, there should be a validator for the refresh token grant.

Current Behavior
Currently there is no support for validating the request parameters for the RefreshToken grant.

Context
In our particular use case, I would like to validate the scopes that are passed in the request as params, against the registered client's scopes during the flow.

Not only scopes: we also want to validate several other request params that our use cases need, such as validating the tenant information of the refresh token so that I can prevent cross-tenant refresh token exchange.
That is the reason I am looking for a request validator similar to what you have shared above.
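
The checks requested above can be run in front of the stock refresh token provider by a delegating `AuthenticationProvider`. This is an added example, not code from the issue author or the project; it assumes Spring Authorization Server 1.x package names, Java 17, and a hypothetical `tenant_id` value that was stored as an authorization attribute at issuance and is sent again as a request parameter.

```java
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2RefreshTokenAuthenticationToken;

public final class ValidatingRefreshTokenProvider implements AuthenticationProvider {
    private static final String TENANT = "tenant_id"; // hypothetical attribute and parameter name
    private final AuthenticationProvider delegate;     // e.g. OAuth2RefreshTokenAuthenticationProvider
    private final OAuth2AuthorizationService authorizations;
    public ValidatingRefreshTokenProvider(AuthenticationProvider delegate, OAuth2AuthorizationService authorizations) {
        this.delegate = delegate;
        this.authorizations = authorizations;
    }

    @Override
    public Authentication authenticate(Authentication authentication) {
        OAuth2RefreshTokenAuthenticationToken request = (OAuth2RefreshTokenAuthenticationToken) authentication;
        if (!(request.getPrincipal() instanceof OAuth2ClientAuthenticationToken client)
                || !client.isAuthenticated() || client.getRegisteredClient() == null) {
            throw error(OAuth2ErrorCodes.INVALID_CLIENT, "client not authenticated");
        }
        // Requested scopes must be a subset of the scopes registered for this client.
        if (!client.getRegisteredClient().getScopes().containsAll(request.getScopes())) {
            throw error(OAuth2ErrorCodes.INVALID_SCOPE, "scope not registered for client");
        }
        // The tenant bound to the stored authorization must match the tenant in the request; fail closed.
        OAuth2Authorization stored = authorizations.findByToken(request.getRefreshToken(), OAuth2TokenType.REFRESH_TOKEN);
        Object boundTenant = stored == null ? null : stored.getAttribute(TENANT);
        Object requestedTenant = request.getAdditionalParameters().get(TENANT);
        if (boundTenant == null || !boundTenant.equals(requestedTenant)) {
            throw error(OAuth2ErrorCodes.INVALID_GRANT, "refresh token not valid for tenant");
        }
        return delegate.authenticate(authentication);
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return OAuth2RefreshTokenAuthenticationToken.class.isAssignableFrom(authentication);
    }
    private static OAuth2AuthenticationException error(String code, String description) {
        return new OAuth2AuthenticationException(new OAuth2Error(code, description, null));
    }
}
```

To take effect, the wrapper has to stand in for the stock refresh token provider in the token endpoint's provider list, for example through the token endpoint configurer's `authenticationProviders` customizer.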
