minkan-chat / server

This repository keeps the backend implementation for the Minkan end-to-end encrypted messenger.
GNU Affero General Public License v3.0

Refresh token not added to denied list after use #16

Closed Erik1000 closed 3 years ago

Erik1000 commented 3 years ago

TokenPair::refresh does not add the token to the denied list in the database; this allows replay attacks.
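A minimal model of the flaw reported above next to a single-use refresh, as an added example that is not part of the issue or of the Minkan code base. `Issuer`, `RefreshToken` and both refresh functions are hypothetical names, the `HashSet` stands in for the database denied list, and signature and expiry checks are left out.

```rust
use std::collections::HashSet;

/// Constructed refresh token: only its unique id matters for this example.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct RefreshToken { pub jti: u64 }

#[derive(Debug, PartialEq)]
pub enum RefreshError { Replayed }

/// Hypothetical issuer; `denied` stands in for the denied-list table.
#[derive(Default)]
pub struct Issuer { next_jti: u64, denied: HashSet<u64> }

impl Issuer {
    pub fn issue(&mut self) -> RefreshToken {
        self.next_jti += 1;
        RefreshToken { jti: self.next_jti }
    }

    /// Models the reported behaviour: the used token is never added to the
    /// denied list, so the lookup here (an assumption) can never reject it.
    pub fn refresh_without_deny(&mut self, old: RefreshToken) -> Result<RefreshToken, RefreshError> {
        if self.denied.contains(&old.jti) {
            return Err(RefreshError::Replayed);
        }
        Ok(self.issue())
    }

    /// Single-use refresh: `insert` returns false when the id is already
    /// present, so the check and the deny happen in one step. With a real
    /// database the same effect needs a unique constraint on the token id.
    pub fn refresh_single_use(&mut self, old: RefreshToken) -> Result<RefreshToken, RefreshError> {
        if !self.denied.insert(old.jti) {
            return Err(RefreshError::Replayed);
        }
        Ok(self.issue())
    }
}

fn main() {
    let mut issuer = Issuer::default();
    let token = issuer.issue();
    println!("first use:  {:?}", issuer.refresh_single_use(token));
    println!("second use: {:?}", issuer.refresh_single_use(token));
}
```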