Open earaujoassis opened 4 years ago
Refresh tokens are defined with an `eternalExpirationLength`. Is that a security hole in the system? It must be investigated whether refresh tokens could be reused in an undefined period of time and what RFC 6749 states about that.
One solution: