fix(jans-auth-server): fix race condition during refresh token removal #9074
Assignees
Labels
comp-jans-auth-server
Component affected by issue or PR
kind-bug
Issue or PR is a bug in existing functionality
Comments
mo-auto
added
comp-jans-auth-server
yuriyz
added a commit
that referenced
this issue
Aug 7, 2024
…val #9074 Signed-off-by: YuriyZ <[email protected]>
2 tasks
yuriyz
added a commit
that referenced
this issue
Aug 8, 2024
…val #9074 (#9139) Signed-off-by: YuriyZ <[email protected]>
yuriyz
added a commit
that referenced
this issue
Nov 7, 2024
…val #9074 (#9139) Signed-off-by: YuriyZ <[email protected]> Former-commit-id: 37772ca
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
From oxauth GluuFederation/oxAuth#1909
refresh_token can be used only one time. However if send concurrent calls AS allows re-using it multiple times.
Expected Behaviour: The refresh token cannot be reused
Actual behavior: During the concurrent call we have observed that we are able to reuse the same refresh token multiple times.
Refresh token should only be used once.
Support: 11874
The text was updated successfully, but these errors were encountered: