I am working with Django OAuth2 on a freelancing project and used the username and password to authenticate users.
However, when I tried to refresh the access token I noticed that the refresh_token itself was revoked, and I found in the documentation that we can use ROTATE_REFRESH_TOKEN to disable this behavior.
But the docs are talking about a known bug that I do not fully understand: why would setting this setting to False cause the tokens to be revoked? I debugged the code locally and didn't see anything that would cause this.
I suspect that the docs could be old, and a bit outdated in that regard, but not sure.
Can someone please explain it to me, and if it is safe to use when going into production or not?
Hi, I just tested that case and it is also working fine for me if I define ROTATE_REFRESH_TOKEN to False inside the OAUTH2_PROVIDER setting. The refresh token functionality is reusing the same refresh token, and it works for multiple refreshes.
Then I would also guess that the documentation is outdated.
That change was added in this PR and exactly this commit.
The description indicates this issue, but for me it doesn't seem to be related.