We’re looking into getting OIDC-conformant.
In our app, we currently have an ID token and a refresh token stored.
We used to be able to use the refresh token to get fresh ID tokens, but that doesn’t work anymore.
It does work, however, if I add an audience when retrieving the refresh token in the first place. I.e. when using the OIDC flow.
My question is:
Is there a way, to use the existing non-OIDC-conformant ID token to retrieve a OIDC-conformant refresh token and access token?
Or is the only way to get OIDC-conformant, to have the users log out and log in again? (This would be nice to avoid)