Need to limit how many times an OIDC refresh token can be used to get new tokens #12790
Labels
bug
This bug is not present in a released version of Open Liberty
in:Security
Needs member attention
release bug
This bug is present in a released version of Open Liberty
release:200010
team:Security SSO
Expected behavior: Need to limit how many times an OIDC refresh token can be used to get new tokens
Current behavior: you can have unlimited requests to get the tokens. This can cause potentially large number of tokens accumulated.
Diagnostic information:
os linux
version 19.0.0.3
java.runtime = Java(TM) SE Runtime Environment (8.0.5.40 - pxa6480sr5fp40-20190807_01(SR5 FP40))
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: