I noticed that there is event.refresh_token.session_id which I could use to map the oauth2-refresh-token actions to the oidc-basic-profile one where event.session.id was first defined. However, it seems that in some refreshes event.refresh_token.session_id is undefined… Why is this the case?
Also, is it normal that the post-login action is not triggered when the authorization code is converted into an access token? I only see it being fired for oidc-basic-profile and oauth2-refresh-token but weirdly not for oauth2-access-token. Is this expected?
Thanks in advance