[keycloak-dev] apps access to and refresh of facebook tokens

[Bill Burke]

At least for openid connect, I think we hashed this through on our dev 
call today.

* There will be a Protocol Claim Mapper that can add a facebook token 
and expiration claim to the application's access token.
* the refreshToken endpoint will accept a "scope" parameter.  The 
application can then request the refresh of any external token by 
specifying this token in the "scope parameter.


-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com