Recently, our authentication began failing, and we were no longer receiving an
id_token in the response from
There was a server update on 4/17/23 that fixed a bug. The bug was allowing for a scenario where, if the scope of the initial
/authorize request did not include
openid, a new ID token would be issued in the response of a subsequent refresh token exchange.
If you have been relying on this behavior to obtain an ID token, you may have experienced the server update that caused you to no longer receive an
id_token in the response.
We recommend including the
openid scope in the
/authorize request. By doing so, a new ID token will be issued in the response of later refresh token exchanges.