FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    refresh token always valid

    Scheduled Pinned Locked Moved
    Q&A
    2
    2
    473
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fusionauth_user
      last edited by

      So im not sure if i understand it correctly, but i have set up my refreshtoken to be single use only on my applications settings, but i can just keep using the old refresh token to get new access tokens.

      Is this right?

      1 Reply Last reply Reply Quote 0
      • danD
        dan
        last edited by

        Hmmm. What version of FusionAuth are you running?

        If you have set the refresh token usage policy to be OneTime in the tenant settings, then the old refresh token shouldn't give you access tokens after the first call.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • First post
          Last post