Hello to all, I'm using CXF to implement an OAuth2 server with password and refresh_token grant types.
Everything work correct, but I found a strange behaviour on refreshAccessToken method of AbstractOAuthDataProvider. In this method the refreshToken is revoked and a new one is generated, and also a new access token is generated. Expected work is just to refresh the access token, not also the refresh token. I know I can override this on my implementation of AbstractOAuthDataProvider abstract class (I've done it), but why is that behavior the default one? Best regards,
