cmd/tsidp: Fix sending string for refresh_token

In accordance with the OIDC/OAuth 2.0 protocol, do not send an empty refresh_token and instead omit the field when empty. Fixes https://github.com/tailscale/tailscale/issues/16073 Signed-off-by: Tim Klocke <taaem@mailbox.org>
2025-08-13 22:47:30 +00:00 · 2025-05-24 18:05:57 +02:00
parent 4a11514db5
commit 4980869977
1 changed files with 1 additions and 1 deletions
--- a/cmd/tsidp/tsidp.go
+++ b/cmd/tsidp/tsidp.go
@@ -795,7 +795,7 @@ type oidcTokenResponse struct {
 	IDToken      string `json:"id_token"`
 	TokenType    string `json:"token_type"`
 	AccessToken  string `json:"access_token"`
-	RefreshToken string `json:"refresh_token"`
+	RefreshToken string `json:"refresh_token,omitempty"`
 	ExpiresIn    int    `json:"expires_in"`
 }