wagnerdelima / drf-social-oauth2

drf-social-oauth2 makes it easy to integrate Django social authentication with major OAuth2 providers, i.e., Facebook, Twitter, Google, etc.
https://drf-social-oauth2.readthedocs.io/en/latest/
MIT License
274 stars 34 forks source link

same token generated every time for same user #125

Closed prasadyeole03 closed 2 years ago

prasadyeole03 commented 2 years ago

HI I'm using drf-social-oauth2 in one of my project to generate an auth token for social login users. but after logout and blacklisting the old token. when I again generate auth token i'm getting same token as old.

wagnerdelima commented 2 years ago

Right, that is the correct behavior of the application flow. How are you exactly blacklisting the token?

So, the flow works as follows, the token is generated with a certain expiry date. If you request a new token and the new old token is still valid, the application will give you the old token (as there is no need to create a new token).