docs: clarify graceful refresh token rotation #1959
Conversation
|
Hm, I find the text on the left easier to read - is it not common to make the 
|
Maybe, but at the moment we follow the microsoft style guide which says bolding only in special cases such as describing UI. We can change that, but it would need to be consistent across the whole documentation and documented clearly in the style guide. |
|
OK, thank you for updating it! |
| @@ -55,10 +55,21 @@ with new tokens for each request without immediate invalidation of the original | |||
|
|
|||
| ## Example behavior with grace period | |||
|
|
|||
| - **Using the refresh token within the grace period**: If a refresh token is used twice within the configured grace period (for | |||
| When the user calls `/oauth2/auth` and performs login and consent, the OAuth2 server issues an access token and a refresh token. | |||
| These tokens and all subsequent tokens issued within the grace period are part of the same consent request. | |||
There was a problem hiding this comment.
The phrase "consent request" is, I think, a Hydra implementation artifact.
Maybe some day we can clarify the concepts both in documenation and in code.
It's a difficult thing to wrap your head around. This is just a side remark.
This PR is 👍
There was a problem hiding this comment.
Yeah, I actually struggled quite hard in trying to find the right phrase. Is it login request? consent request? token chain? consent flow? authorized consent id? Haven't found a good solution yet.
Related Issue or Design Document
Checklist
If this pull request addresses a security vulnerability,
I confirm that I got approval (please contact security@ory.sh) from the maintainers to push the changes.
Further comments