What are you trying to achieve or the steps to reproduce?
I am using authorization code flow to successfully fetch the first access token 1
I can refresh token 1 to get token 2
Token 2 cannot be refreshed because it no longer has a refresh_token associated. This is because our OAuth2 /token endpoint will only provide a new refresh token if the original refresh token is still within 60% of its validity period. It doesn't echo back the original refresh token.
This behavior is acceptable per RFC 6749 Section 4.1.4.
What was the result you got?
Got a token that cannot be refreshed while the initial refresh token is still valid.
What result did you expect?
Tokens should be refreshable until the current refresh token is no longer valid.
Perhaps the library could consider using the current refresh token if the response does not include one?
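Added example, not part of the issue and not the library's code: a minimal client-side model of the reported sequence, comparing an update that takes the refresh token only from the response with one that carries over the refresh token just used. `TokenSet`, `naive_update`, `carry_over_update`, `replay` and the sample responses are hypothetical names and constructed data.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class TokenSet:
    access_token: str
    expires_at: float             # absolute expiry time of the access token
    refresh_token: Optional[str]  # None: this token set cannot be refreshed

def naive_update(current: TokenSet, response: dict, now: float) -> TokenSet:
    """Behaviour reported in the issue: keep only what the response carries."""
    return TokenSet(response["access_token"],
                    now + float(response["expires_in"]),
                    response.get("refresh_token"))

def carry_over_update(current: TokenSet, response: dict, now: float) -> TokenSet:
    """Suggested behaviour: reuse the refresh token just presented when the
    response omits one; replace it (dropping the old one) when the server rotates."""
    rotated = response.get("refresh_token") or None  # empty string counts as absent
    return TokenSet(response["access_token"],
                    now + float(response["expires_in"]),
                    rotated if rotated is not None else current.refresh_token)

def replay(update, initial: TokenSet, responses: list) -> list:
    """Apply refresh responses in order, stopping once no refresh token is left."""
    history, current = [initial], initial
    for response in responses:
        if current.refresh_token is None:
            break  # nothing left to present to /token
        now = current.expires_at  # refresh at the moment the access token expires
        current = update(current, response, now)
        history.append(current)
    return history

# Constructed sample data: token 1 from the authorization code flow, then three
# refresh responses; the first and third omit refresh_token, the second rotates it.
TOKEN_1 = TokenSet("at-1", 3600.0, "rt-1")
RESPONSES = [
    {"access_token": "at-2", "expires_in": 3600},
    {"access_token": "at-3", "expires_in": 3600, "refresh_token": "rt-2"},
    {"access_token": "at-4", "expires_in": 3600},
]

if __name__ == "__main__":
    for name, fn in (("naive", naive_update), ("carry-over", carry_over_update)):
        print(name, [(t.access_token, t.refresh_token) for t in replay(fn, TOKEN_1, RESPONSES)])
```

The carry-over path stays refreshable only as long as the server still accepts the retained refresh token; once the server returns a new one, the old value is replaced and never reused.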