Refresh Token reuse detection
If refresh tokens have "One Time Use" enabled, and if a second usage attempt is detected on a refresh token:
Is the whole refresh tokens family invalidated so that all refresh token generated from a stolen one become useless?
joshua last edited by
Were you able to get this addressed or do you still need assistance?