diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java
index 9d45411bd3..c7bfab496b 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java
@@ -496,11 +496,14 @@ private boolean checkExecutePreIssueAccessTokensActions(OAuthTokenReqMessageCont
OAuthAppDO oAuthAppBean = getoAuthApp(tokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId());
String grantType = tokenReqMessageContext.getOauth2AccessTokenReqDTO().getGrantType();
- // Allow for following grant types and for JWT access tokens only.
- return (OAuthConstants.GrantTypes.AUTHORIZATION_CODE.equals(grantType) ||
- OAuthConstants.GrantTypes.CLIENT_CREDENTIALS.equals(grantType) ||
- OAuthConstants.GrantTypes.PASSWORD.equals(grantType) ||
- OAuthConstants.GrantTypes.REFRESH_TOKEN.equals(grantType)) &&
+ // Allow for following grant types and for JWT access tokens if,
+ // pre issue access token action invocation is enabled at server level.
+ return OAuthComponentServiceHolder.getInstance().getActionExecutorService()
+ .isExecutionEnabled(ActionType.PRE_ISSUE_ACCESS_TOKEN) &&
+ (OAuthConstants.GrantTypes.AUTHORIZATION_CODE.equals(grantType) ||
+ OAuthConstants.GrantTypes.CLIENT_CREDENTIALS.equals(grantType) ||
+ OAuthConstants.GrantTypes.PASSWORD.equals(grantType) ||
+ OAuthConstants.GrantTypes.REFRESH_TOKEN.equals(grantType)) &&
JWT_TOKEN_TYPE.equals(oAuthAppBean.getTokenType());
}
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/RefreshGrantHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/RefreshGrantHandler.java
index c474bf1450..826ef29b0f 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/RefreshGrantHandler.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/RefreshGrantHandler.java
@@ -718,9 +718,11 @@ private boolean checkExecutePreIssueAccessTokensActions(RefreshTokenValidationDa
String grantType = refreshTokenValidationDataDO.getGrantType();
// Allow if refresh token is issued for token requests from following grant types and,
- // for JWT access tokens only.
- return (OAuthConstants.GrantTypes.AUTHORIZATION_CODE.equals(grantType) ||
- OAuthConstants.GrantTypes.PASSWORD.equals(grantType)) &&
+ // for JWT access tokens if pre issue access token action invocation is enabled at server level.
+ return OAuthComponentServiceHolder.getInstance().getActionExecutorService()
+ .isExecutionEnabled(ActionType.PRE_ISSUE_ACCESS_TOKEN) &&
+ (OAuthConstants.GrantTypes.AUTHORIZATION_CODE.equals(grantType) ||
+ OAuthConstants.GrantTypes.PASSWORD.equals(grantType)) &&
JWT_TOKEN_TYPE.equals(oAuthAppBean.getTokenType());
}
diff --git a/pom.xml b/pom.xml
index 5a336ed08c..e00cbe8439 100644
--- a/pom.xml
+++ b/pom.xml
@@ -909,7 +909,7 @@
[1.0.1, 2.0.0)
- 7.3.50
+ 7.3.60
[5.25.234, 8.0.0)