At least for openid connect, I think we hashed this through on our dev
call today.
* There will be a Protocol Claim Mapper that can add a facebook token
and expiration claim to the application's access token.
* the refreshToken endpoint will accept a "scope" parameter. The
application can then request the refresh of any external token by
specifying this token in the "scope parameter.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com