The new v2 OAuth token endpoint mints a fresh session without going through NewUserAuthTokenResponse, so those logins were missing from the audit trail. The refresh grant stays unaudited like the v1 refresh. |
||
|---|---|---|
| .. | ||
| authorize.go | ||
| client.go | ||
| client_test.go | ||
| pkce.go | ||
| pkce_test.go | ||
| token.go | ||