juanifioren / django-oidc-provider

OpenID Connect and OAuth2 provider implementation for Djangonauts.
http://django-oidc-provider.readthedocs.org
MIT License

parallel requests may reuse same authorization code #410

Closed jpaniagualaconich closed 11 months ago

jpaniagualaconich commented 12 months ago

During the token exchange where an authorization code is exchanged for an access token and a refresh token, the same code can be used more than once. This happens if several requests are issued in parallel.

Authorization codes MUST be short lived and single-use, as described in RFC6749, Section 10.5.
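The race described in this report, and the fix a provider needs, as an added example that is not part of the issue or of django-oidc-provider's own code. It assumes a minimal `authorization_codes` table (constructed here in SQLite, standing in for whatever model the provider uses) and a constructed code value. `naive_consume` reads the `used` flag and marks it in two separate statements, which is the shape of code that lets several parallel token requests all succeed; `atomic_consume` lets the database apply the check and the write as one conditional `UPDATE`, so exactly one request can ever redeem a given code. A barrier forces every simulated client through the check before any of them writes, which makes the race reproducible instead of timing-dependent.

```python
"""Single-use authorization codes under parallel token requests.

Added example, not the project's code. The table, the code value and the
client id are constructed for the demonstration.
"""
import os
import sqlite3
import tempfile
import threading
from contextlib import closing

SCHEMA = """
CREATE TABLE authorization_codes (
    code      TEXT PRIMARY KEY,
    client_id TEXT NOT NULL,
    used      INTEGER NOT NULL DEFAULT 0
)
"""


def new_store(code="constructed-code-123", client_id="constructed-client"):
    """Create a file-backed store holding one unused code. A file rather than
    :memory: so each simulated client opens its own connection, as separate
    worker processes would in a real deployment."""
    fd, path = tempfile.mkstemp(suffix=".sqlite3")
    os.close(fd)
    with closing(sqlite3.connect(path)) as conn:
        conn.executescript(SCHEMA)
        conn.execute("INSERT INTO authorization_codes VALUES (?, ?, 0)", (code, client_id))
        conn.commit()
    return path


def connect(path):
    # isolation_level=None: every statement is its own committed transaction
    return sqlite3.connect(path, isolation_level=None, timeout=10)


def naive_consume(path, code, sync=None):
    """Check-then-mark. Between the SELECT and the UPDATE another request can
    read the same unused row, so several requests may all be granted a token."""
    with closing(connect(path)) as conn:
        rows = conn.execute(
            "SELECT used FROM authorization_codes WHERE code = ?", (code,)).fetchall()
    if not rows or rows[0][0]:
        return False
    if sync is not None:
        sync.wait()  # demo only: every client has passed the check by now
    with closing(connect(path)) as conn:
        conn.execute("UPDATE authorization_codes SET used = 1 WHERE code = ?", (code,))
    return True


def atomic_consume(path, code, sync=None):
    """Conditional update. The WHERE clause and the write are one atomic step
    inside the database, so only the first request sees rowcount == 1."""
    if sync is not None:
        sync.wait()  # same lockstep timing as the naive variant
    with closing(connect(path)) as conn:
        cur = conn.execute(
            "UPDATE authorization_codes SET used = 1 WHERE code = ? AND used = 0", (code,))
        return cur.rowcount == 1


def tokens_issued(consume, n_clients=5, code="constructed-code-123"):
    """Fire n parallel token requests carrying the same code and count how
    many of them would have been issued tokens."""
    path = new_store(code)
    barrier = threading.Barrier(n_clients)
    results, lock = [], threading.Lock()

    def client():
        granted = consume(path, code, barrier)
        with lock:
            results.append(granted)

    threads = [threading.Thread(target=client) for _ in range(n_clients)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    os.remove(path)
    return sum(results)


if __name__ == "__main__":
    print("check-then-mark:", tokens_issued(naive_consume), "tokens for one code")
    print("atomic consume :", tokens_issued(atomic_consume), "token for one code")
```

In a Django code base the same guarantee comes from a conditional `.filter(code=..., used=False).update(used=True)` whose return value is checked, or from `select_for_update()` inside `transaction.atomic()`; a Python-level `if not code.used:` followed by a save is the naive variant. RFC 6749 (Section 4.1.2) additionally recommends that a server which detects a second use of a code revoke the tokens already issued for it, so logging and alerting on the `rowcount == 0` path is worthwhile rather than silently returning an error.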