Indeewari, I'm confused regarding what you are describing. Would you be able to give additional context?
- Warren On Fri, Aug 2, 2024 at 11:25 AM Indeewari Wijesiri <indeewa...@gmail.com> wrote: > Hi all, > > Refresh token rotation, which involves issuing a new refresh token each > time an access token is renewed, is the default for the refresh grant. Do > we follow the same practice for the authorization code grant and password > grant as well? What is the recommended practice between long-lived refresh > tokens and refresh token rotation for these grants? > > Additionally, is there a specific requirement for refresh token rotation > with JWT access tokens in the authorization code grant and password grant, > given that JWT access tokens are renewed per request? > > Thanks and Regards > -- > > Indeewari Wijesiri > _______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-le...@ietf.org >
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
