Reputation: 1
The server should invalidate a refresh token that has already been used to generate new access and refresh tokens. However, the refresh token can be used multiple times to generate new tokens without being invalidated, even though the server provides a new refresh token each time the request is triggered. I'm using AzureAD for my application.
I know there is a way to expire refresh tokens that have already been used via a Refresh Token Rotation implementation, but is it implementable in AzureAD?
Upvotes: 0
Views: 138
Reputation: 58873
I'm pretty sure that it is working as they have designed it. The purpose is that you can take the new refresh token and replace the one you have in your cache. If you are running a distributed application, it is a good thing that the current refresh token doesn't immediately stop working since it allows the other instances to keep working while the token is refreshed in another. As far as I am aware, there is no place to change this behaviour.
Upvotes: 1
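The answer above describes the trade-off between strict one-time refresh tokens and a distributed client that may race to refresh. The following is an added example (not code from the thread, and not how Azure AD implements its token service) showing how an authorization server you control could implement refresh token rotation with reuse detection: each token may be redeemed once, a short grace window tolerates concurrent redemptions by returning the same successor, and a replay outside that window revokes the whole token family so a stolen token cannot be used after the legitimate client has rotated. The class names, the grace period of 30 seconds and the in-memory store are assumptions for illustration; the "access token" is a random placeholder standing in for a signed JWT.

```python
"""Refresh token rotation with reuse detection and a bounded grace window.

Added illustrative example of a server-side token store; it is not the
original thread's code and does not describe Azure AD's internal behaviour.
"""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set, Tuple


class TokenRejected(Exception):
    """Refresh token is unknown, expired, or belongs to a revoked family."""


class ReuseDetected(TokenRejected):
    """A consumed refresh token was replayed outside the grace window."""


@dataclass
class RefreshRecord:
    family: str                     # every token descending from one login shares a family id
    user: str
    issued_at: float
    used_at: Optional[float] = None     # set the first time this token is redeemed
    successor: Optional[str] = None     # refresh token handed out at that redemption


class RefreshTokenStore:
    """In-memory store (assumption: a real deployment would use a shared database)."""

    def __init__(self, grace_seconds: float = 30.0,
                 clock: Callable[[], float] = time.time) -> None:
        self.grace_seconds = grace_seconds   # tolerated window for racing client instances
        self.clock = clock                   # injectable for deterministic tests
        self._tokens: Dict[str, RefreshRecord] = {}
        self._revoked_families: Set[str] = set()
        self.reuse_events: list = []         # audit trail a SIEM rule could alert on

    def issue_initial(self, user: str) -> str:
        """Start a new family at login and return its first refresh token."""
        return self._mint(secrets.token_urlsafe(16), user)

    def _mint(self, family: str, user: str) -> str:
        token = secrets.token_urlsafe(32)
        self._tokens[token] = RefreshRecord(family=family, user=user,
                                            issued_at=self.clock())
        return token

    def redeem(self, token: str) -> Tuple[str, str]:
        """Exchange a refresh token for (new_refresh_token, access_token)."""
        rec = self._tokens.get(token)
        if rec is None or rec.family in self._revoked_families:
            raise TokenRejected("unknown or revoked refresh token")
        now = self.clock()
        if rec.used_at is None:
            # First use: rotate, remembering the successor for the grace window.
            rec.used_at = now
            rec.successor = self._mint(rec.family, rec.user)
            return rec.successor, self._access_token(rec.user)
        if now - rec.used_at <= self.grace_seconds:
            # Concurrent redemption by another instance of the same client:
            # hand back the same successor so all instances converge on one token.
            return rec.successor, self._access_token(rec.user)
        # Replay well after rotation: treat as theft and revoke every descendant.
        self._revoked_families.add(rec.family)
        self.reuse_events.append({"user": rec.user, "family": rec.family, "at": now})
        raise ReuseDetected(f"refresh token reuse for {rec.user}; family revoked")

    def is_revoked(self, token: str) -> bool:
        rec = self._tokens.get(token)
        return rec is not None and rec.family in self._revoked_families

    @staticmethod
    def _access_token(user: str) -> str:
        # Placeholder for a signed, short-lived access token (assumption).
        return f"access-{user}-{secrets.token_urlsafe(12)}"
```

Revoking the family on reuse is the detection-oriented choice: the legitimate client loses its session and must log in again, but an attacker holding a copied token gains nothing once the window has passed, and the recorded reuse event is the signal to investigate.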