This immediately invalidates the current refresh token, and the client must use the new one. The primary motivation is detecting that a refresh token has been stolen. Summed up well by RFC 6819:
Refresh token rotation is intended to automatically detect and
prevent attempts to use the same refresh token in parallel from
different apps/devices. This happens if a token gets stolen from the
client and is subsequently used by both the attacker and the
legitimate client.
Also known as "Refresh Token Rotation"
Currently a refresh token can be redeemed for an access/ID token as many times as the holder of that refresh token likes. E.g.
Instead, Dex should also return a new refresh token every time one is claimed.
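The rotation behaviour requested above, as an added example that is not Dex's code and not part of the original issue: each redemption invalidates the presented token and returns a new one, and presenting a rotated-out token is treated as the parallel use RFC 6819 describes. The `Store`, `Login` and `Redeem` names, the in-memory map, and revoking the whole session on reuse are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

var ErrUnknown = errors.New("unknown refresh token")
var ErrReuse = errors.New("rotated-out refresh token presented; session revoked")

// Hypothetical in-memory types for illustration, not Dex's storage layer.
type session struct{ current string } // current == "" once revoked
type Store map[string]*session        // every token ever issued -> its session

// issue mints a random token and makes it the session's only valid one.
func (s Store) issue(sess *session) string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	t := hex.EncodeToString(b)
	s[t], sess.current = sess, t
	return t
}

// Login starts a new session and returns its first refresh token.
func (s Store) Login() string { return s.issue(&session{}) }

// Redeem rotates the token. A token that was already rotated out means two
// holders exist, so the session is revoked (assumed response to reuse).
func (s Store) Redeem(token string) (string, error) {
	sess, ok := s[token]
	if !ok {
		return "", ErrUnknown
	}
	if sess.current != token {
		sess.current = ""
		return "", ErrReuse
	}
	return s.issue(sess), nil
}

func main() {
	s := Store{}
	t1 := s.Login()
	s.Redeem(t1)              // legitimate client rotates to a new token
	fmt.Println(s.Redeem(t1)) // a second holder replays the old token
}
```

After the reuse error, the token most recently issued for that session is rejected as well, so both holders have to authenticate again.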