Closed twinmind closed 3 years ago
Every time the web application calls accounts/refresh-token, the long-lived token is replaced along with the short-lived token and a new record is created in the RefreshToken table.
This behaviour is intentional for increased security. The technique is called refresh token rotation; there's more info in this article: https://auth0.com/docs/tokens/concepts/refresh-token-rotation
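The rotation described in the reply above, sketched as an added example that is not part of the original issue or the project's code. The in-memory store, the field names and the reuse handling (revoking the account's active tokens when an already-rotated token is presented again) are assumptions; the reuse check goes beyond what the thread states and shows why the old rows are kept rather than overwritten.

```python
import hashlib
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Optional


@dataclass
class RefreshToken:
    """One row of a hypothetical RefreshToken table (field names assumed)."""
    token_hash: str                    # only a hash of the token is stored
    account_id: int
    expires: datetime
    revoked: Optional[datetime] = None
    replaced_by: Optional[str] = None  # hash of the successor token


class TokenStore:
    def __init__(self) -> None:
        self.rows: Dict[str, RefreshToken] = {}

    @staticmethod
    def _hash(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, account_id: int, now: datetime,
              ttl: timedelta = timedelta(days=7)) -> str:
        token = secrets.token_urlsafe(32)
        row = RefreshToken(self._hash(token), account_id, now + ttl)
        self.rows[row.token_hash] = row  # every issue adds a new record
        return token

    def rotate(self, token: str, now: datetime) -> str:
        """What a refresh-token endpoint does on each call."""
        row = self.rows.get(self._hash(token))
        if row is None:
            raise PermissionError("unknown refresh token")
        if row.revoked is not None:
            # A rotated token came back: treat it as stolen and revoke
            # every still-active token of the account (assumed policy).
            for other in self.rows.values():
                if other.account_id == row.account_id and other.revoked is None:
                    other.revoked = now
            raise PermissionError("refresh token reuse detected")
        if row.expires <= now:
            raise PermissionError("refresh token expired")
        new_token = self.issue(row.account_id, now)
        row.revoked = now                # old token is single-use
        row.replaced_by = self._hash(new_token)
        return new_token
```
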