when I dont use any rotation features, then mine settings are "BLACKLIST_AFTER_ROTATION": False
and that cause when refresh token is black listed then cannot verify refresh token, response always ok..
fix is set "BLACKLIST_AFTER_ROTATION" to True. but this need to tell if somewhere use blacklist feature and try to verify refresh token.
when I dont use any rotation features, then mine settings are "BLACKLIST_AFTER_ROTATION": False and that cause when refresh token is black listed then cannot verify refresh token, response always ok..
fix is set "BLACKLIST_AFTER_ROTATION" to True. but this need to tell if somewhere use blacklist feature and try to verify refresh token.