• Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login
FusionAuth
  • Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login

refresh token always valid

Scheduled Pinned Locked Moved
Q&A
2
2
589
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • F
    fusionauth_user
    last edited by 9 Aug 2020, 02:00

    So im not sure if i understand it correctly, but i have set up my refreshtoken to be single use only on my applications settings, but i can just keep using the old refresh token to get new access tokens.

    Is this right?

    1 Reply Last reply Reply Quote 0
    • D
      dan
      last edited by 10 Aug 2020, 14:57

      Hmmm. What version of FusionAuth are you running?

      If you have set the refresh token usage policy to be OneTime in the tenant settings, then the old refresh token shouldn't give you access tokens after the first call.

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      1 Reply Last reply Reply Quote 0
      1 out of 2
      • First post
        1/2
        Last post