Closed twinmind closed 3 years ago
Related to this issue: https://github.com/cornflourblue/aspnet-core-3-signup-verification-api/issues/2
This behaviour is intentional for increased security. The technique is called refresh token rotation; there's more info in this article: https://auth0.com/docs/tokens/concepts/refresh-token-rotation
Also, I don't think the changes in the PR will work, because the /refresh-token route will return an error if the refresh token is not active: https://github.com/cornflourblue/aspnet-core-3-signup-verification-api/blob/9774ab83b61de187909dabe1f53ffc3ff6bb24b6/Services/AccountService.cs#L289
Long-lived JWT token needs to be replaced only if it is inactive.
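Refresh token rotation as discussed in this thread, shown as an added example that is not code from this repository or the PR: every successful refresh revokes the presented token and issues a replacement, and an inactive token is rejected. The type names, the in-memory store and the 7-day lifetime are assumptions made for illustration; it targets .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical model for illustration; not the repository's entity classes.
class RefreshToken
{
    public string Token = "";
    public DateTime Expires;
    public DateTime? Revoked;
    public string? ReplacedByToken;
    // Active means neither revoked nor expired.
    public bool IsActive => Revoked == null && DateTime.UtcNow < Expires;
}

class TokenStore
{
    // In-memory stand-in for the database table (assumption).
    private readonly Dictionary<string, RefreshToken> _tokens = new();

    public RefreshToken Issue()
    {
        // 7-day lifetime is a constructed value for this example.
        var t = new RefreshToken { Token = Convert.ToHexString(RandomNumberGenerator.GetBytes(40)), Expires = DateTime.UtcNow.AddDays(7) };
        _tokens[t.Token] = t;
        return t;
    }

    // Rotation: a refresh token is single use. Unknown, revoked or expired tokens are refused.
    public RefreshToken Rotate(string presented)
    {
        if (!_tokens.TryGetValue(presented, out var old) || !old.IsActive)
            throw new InvalidOperationException("Invalid token");
        var next = Issue();
        old.Revoked = DateTime.UtcNow;       // the old token can never be used again
        old.ReplacedByToken = next.Token;    // keeps the chain auditable
        return next;
    }
}

class Program
{
    static void Main()
    {
        var store = new TokenStore();
        var first = store.Issue();
        var second = store.Rotate(first.Token);
        Console.WriteLine($"first active: {first.IsActive}, second active: {second.IsActive}");
        // Replaying the already-rotated token is rejected.
        try { store.Rotate(first.Token); }
        catch (InvalidOperationException e) { Console.WriteLine($"replay rejected: {e.Message}"); }
    }
}
```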