The new v2 OAuth token endpoint mints a fresh session without going through NewUserAuthTokenResponse, so those logins were missing from the audit trail. The refresh grant stays unaudited like the v1 refresh. |
||
|---|---|---|
| .. | ||
| ldap | ||
| oauth2server | ||
| openid | ||
| auth.go | ||
| auth_test.go | ||