Hi,
For the client credentials grant, Keycloak (at least 9.0.x) do issue a ‘refresh token’ which violate the RFC
- which state that “A refresh token SHOULD NOT be included.”
(https://tools.ietf.org/html/rfc6749#page-4.4.3)
Is it possible to configure keycloak to do not issue ‘refresh token’ for client credentials grant for standard conformance?
thanks.