I’m seeing strange behavior with the Authorization Extension’s Persistence feature between logins that happen via the Lock widget and logins that happen via a “Resource Owner Password”
When a user logs in via the Lock widget, the
app_metadata properly fills in with the authorization persistence settings (
permissions), but after a
POST /oauth/token for that same user, only the
groups authorization settings remain in the
permissions values are emptied. Not until the user again logs in via the Lock widget do these values fill back in.
This was very much unexpected. Any ideas?