[gateway] [oauth2] add an option to not rotate refresh tokens #8787

exalate-issue-sync · 2023-01-02T13:54:55Z

📗 Feature

Currently AM always rotate refresh token (a refresh token is only valid once).

For convenience reasons, it can be good to not rotate refresh tokens and re-use refresh token until it expires.

📑 Additional information

This option will be disabled by default to follow best security practices.

🖌️ Design

Link to Figma

Mockups

Unable to render embedded object: File (/secure/attachment/10336/10336_Capture d%E2%80%99e%CC%81cran 2022-12-07 a%CC%80 00.16.00-20221206-201605.png) not found.

📋 Acceptance Criteria

Acceptance criteria 1

Given: A user wants to get a new access token with refresh_token flow

When: The user call the /oauth/token endpoint with the same refresh token multiple times

Then: No error should be displayed and an access token with the same refresh token is displayed to the user

exalate-issue-sync bot added p3 project: AM type: feature labels Jan 2, 2023

gravitee-io deleted a comment from exalate-issue-sync bot Jan 2, 2023

leleueri added this to the AM - 3.19.4 milestone Jan 2, 2023

leleueri closed this as completed Jan 2, 2023

exalate-issue-sync bot removed this from the AM - 3.19.4 milestone Oct 3, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[gateway] [oauth2] add an option to not rotate refresh tokens #8787

[gateway] [oauth2] add an option to not rotate refresh tokens #8787

exalate-issue-sync bot commented Jan 2, 2023 •

edited

Loading

[gateway] [oauth2] add an option to not rotate refresh tokens #8787

[gateway] [oauth2] add an option to not rotate refresh tokens #8787

Comments

exalate-issue-sync bot commented Jan 2, 2023 • edited Loading

📗 Feature

🖌️ Design

Link to Figma

Mockups

Acceptance criteria 1

exalate-issue-sync bot commented Jan 2, 2023 •

edited

Loading