For instance an access code (which is just another token) can only be used once.
This means that we can specify that a refresh token can only be used N times.
The counter will not increase for token_introspection requests.
For the moment usage_rules as set in the configuration is valid for the whole server. We probably want to be able to set usage_rules per client.
In usage_rules ,which is set per grant, we can specify the life time of a token but also how many times a token can be used.
https://github.com/IdentityPython/oidc-op/blob/41d7f5e86ad086b6b3c266d1b92d54cbfe2b8733/example/flask_op/config.json#L68
For instance an access code (which is just another token) can only be used once. This means that we can specify that a refresh token can only be used N times.
The counter will not increase for token_introspection requests. For the moment usage_rules as set in the configuration is valid for the whole server. We probably want to be able to set usage_rules per client.