Handle loosing track of Refresh Token #272
Unanswered
MollardMichael
asked this question in
Q&A
Replies: 1 comment
-
Hello @MollardMichael Learn more about the Ory Identities security model here: https://www.ory.sh/docs/security-model |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello,
I'm looking at the Oauth2 Authorization Code Refresh Token process.
I can see that once you have access to the refresh token of a client, you can use it to generate a new access_token. (Useful to take actions on behalf of users from the backend).
Nevertheless, I can see that you can only use the refresh token once. Meaning that in the eventuality of a network error right after having called Ory, we will have used our one chance but we won't have access to the new refresh token.
Do you have any idea of how we could handle this? Is the only option to authenticate the client again?
Thanks
Beta Was this translation helpful? Give feedback.
All reactions