| ▲ | hvb2 7 hours ago | |
One time use of refresh tokens is really common? Where each refresh will get you a new access token AND a new refresh token? That's standard in oidc I believe | ||
| ▲ | mooreds 7 hours ago | parent [-] | |
I don't have data on whether it is common, but I know a few OAuth vendors support it. | ||