Keycloak - client credentials grant violation of OAuth2 standard (RFC6749)?

Hi,

For the client credentials grant, Keycloak (at least 9.0.x) do issue a ‘refresh token’ which violate the RFC

Is it possible to configure keycloak to do not issue ‘refresh token’ for client credentials grant for standard conformance?

thanks.

1 Like