Add a ROTATE_REFRESH_TOKEN setting to control whether refresh tokens are reused or not

#389 added the ability to reuse old refresh token. 

To enable this behavior, one should extend the `OAuth2Validator` class, reimplement the `rotate_refresh_token` method to return `False` instead of `True` and set the `OAUTH2_VALIDATOR_CLASS` setting to the custom class path.

It could be easier if we add a boolean `ROTATE_REFRESH_TOKEN` setting that is used in a default implementation of the `rotate_refresh_token` method:

```python
def rotate_refresh_token(self, request):
    return oauth2_settings.ROTATE_REFRESH_TOKEN
```



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Add a ROTATE_REFRESH_TOKEN setting to control whether refresh tokens are reused or not #424

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Add a ROTATE_REFRESH_TOKEN setting to control whether refresh tokens are reused or not #424

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions