Token types to give recommendations for in G081

[marcvs]

This issue was created with the document version "v1"

Right now we are giving recommendations on these tokens:

• Opaque Access Tokens
• JWT Access Tokens (verified online)
• JWT Access Tokens (verified offline)
• OIDC ID Tokens
• OAuth Refresh Tokens (Rotated)
• OAuth Refresh Tokens (Not rotated)

Please comment on this issue to suggest adding or removing tokens.

[msalle]

You have OAuth Refresh Tokens twice?

[marcvs]

You have OAuth Refresh Tokens twice?

Fixed (I had rotated and non-rotated ones)