This feature is an extension of the authentication feature that was introduced earlier. From the earlier implementation, what happens after the refresh token expires? You request another token, but this time it returns only the refresh token. So I wanted to have both the refresh and token returned, which is why I included ROTATE_REFRESH_TOKENS: True. When you request another token, I want to ensure that the refresh token used is blacklisted, so you will not reuse the refresh token again. This is for security purposes, so we set BLACKLIST_AFTER_ROTATION: True.
Checklist:
[x] My code follows the style guidelines of this project
[x] I have performed a self-review of my code
[x] I have commented my code, particularly in hard-to-understand areas
[x] My changes generate no new warnings
[ ] I have added tests that prove my fix is effective or that my feature works
[ ] New and existing unit tests pass locally with my changes
[ ] Any dependent changes have been merged and published in downstream modules
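An in-memory model of the rotate-then-blacklist behaviour the two settings above ask for, added here as an illustration; it is not code from this pull request or from the JWT library it configures. The token format, the `issue` and `refresh` helpers, the signing key and the lifetimes are assumptions made for the demo.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)      # constructed signing key for the demo
ROTATE_REFRESH_TOKENS = True          # setting names taken from the PR text
BLACKLIST_AFTER_ROTATION = True
BLACKLIST = set()                     # jti values of spent refresh tokens


def _sign(payload: dict) -> str:
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
    mac = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"


def _verify(token: str) -> dict:
    body, _, mac = token.rpartition(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("bad signature")
    payload = json.loads(base64.urlsafe_b64decode(body))
    if payload["exp"] < time.time():
        raise ValueError("token expired")
    return payload


def issue(user: str, kind: str, ttl: int) -> str:
    """Mint a signed token with a unique jti (hypothetical helper)."""
    return _sign({"sub": user, "type": kind, "jti": secrets.token_hex(8),
                  "exp": time.time() + ttl})


def refresh(refresh_token: str) -> dict:
    """Exchange a refresh token for an access token, rotating if configured."""
    claims = _verify(refresh_token)
    if claims["type"] != "refresh":
        raise ValueError("not a refresh token")
    if claims["jti"] in BLACKLIST:
        raise ValueError("refresh token is blacklisted")
    out = {"access": issue(claims["sub"], "access", 300)}
    if ROTATE_REFRESH_TOKENS:
        if BLACKLIST_AFTER_ROTATION:
            BLACKLIST.add(claims["jti"])  # the presented token is now spent
        out["refresh"] = issue(claims["sub"], "refresh", 86400)
    return out
```

Because the spent `jti` is recorded before the new pair is returned, a copy of the old refresh token presented later is rejected even though its signature and expiry are still valid.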