Use Case
In the `/refresh` endpoint, every time the client requests a new access token, a new refresh token is provided.
Why it matters:
- a leaked refresh token stays valid for its full TTL; now make it single-use
- better practice in client
Related PR
#20
Proposed Solution
Invalidate the former one, and pass the new refresh token to the client.
Alternatives Considered
N/A
Implementation Notes
Use `fastapi-users`.
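
The rotation proposed above, as an added example (not code from this project or from fastapi-users): each call to `rotate` spends the presented refresh token and issues a new one. It goes one step beyond the proposal by revoking all of a user's tokens when an already-spent token is presented again; `RefreshTokenStore`, `REFRESH_TTL` and the in-memory dict are assumptions standing in for the real storage.

```python
import hashlib
import secrets
import time

REFRESH_TTL = 7 * 24 * 3600  # assumed refresh-token lifetime, in seconds


class RefreshTokenStore:
    """In-memory stand-in (assumption) for the table holding refresh tokens."""

    def __init__(self):
        self._rows = {}  # sha256(token) -> {"user_id", "expires_at", "used"}

    @staticmethod
    def _digest(token):
        # Keep only a hash so a dump of the store yields no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._rows[self._digest(token)] = {
            "user_id": user_id, "expires_at": now + REFRESH_TTL, "used": False}
        return token

    def revoke_user(self, user_id):
        for row in self._rows.values():
            if row["user_id"] == user_id:
                row["used"] = True

    def rotate(self, presented, now=None):
        """Return (user_id, new_refresh_token); raise PermissionError if rejected."""
        now = time.time() if now is None else now
        row = self._rows.get(self._digest(presented))
        if row is None:
            raise PermissionError("unknown refresh token")
        if row["used"]:
            # A spent token came back: two parties hold copies of this token
            # chain, so end every session of the user and force a new login.
            self.revoke_user(row["user_id"])
            raise PermissionError("refresh token reuse detected")
        if row["expires_at"] <= now:
            raise PermissionError("refresh token expired")
        # Invalidate the former token before handing out its successor.
        # With a real database this must be one atomic update
        # (e.g. UPDATE ... WHERE used = false) so two racing requests cannot both win.
        row["used"] = True
        return row["user_id"], self.issue(row["user_id"], now)
```

A `/refresh` handler would call `rotate` with the token from the request, answer 401 on `PermissionError`, and otherwise return the new refresh token together with a fresh access token.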