You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We have faced a scenario with Ory hydra version 2.1.1 where in if we use a refresh token to renew the access token, that all looks fine we get back a new access token and refresh token, however if use the old refresh token again and try renewing the access token then both the refresh tokens looks to be getting invalidated.
Step 1: Use Refresh token1 to get a new access token - Result - New access token2 and Refresh token2 is getting generated
Step 2: Use Refresh token1 again and try to get a new access token - Result - Getting 401 error
Step 3: Use Refresh token2 and try to get a new access token - Result - Getting 401 error.
We believe that the expectation was Step 3 should have worked because the the refresh token 2 which generated as part of Step 1 is never used and should be active. It looks like to be an issue. Kindly please help with your suggestion if any one in the community has came across this issue and any idea to go around it. Looking forward for your suggestion on the same.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hello Every one,
We have faced a scenario with Ory hydra version 2.1.1 where in if we use a refresh token to renew the access token, that all looks fine we get back a new access token and refresh token, however if use the old refresh token again and try renewing the access token then both the refresh tokens looks to be getting invalidated.
Step 1: Use Refresh token1 to get a new access token - Result - New access token2 and Refresh token2 is getting generated
Step 2: Use Refresh token1 again and try to get a new access token - Result - Getting 401 error
Step 3: Use Refresh token2 and try to get a new access token - Result - Getting 401 error.
We believe that the expectation was Step 3 should have worked because the the refresh token 2 which generated as part of Step 1 is never used and should be active. It looks like to be an issue. Kindly please help with your suggestion if any one in the community has came across this issue and any idea to go around it. Looking forward for your suggestion on the same.
Beta Was this translation helpful? Give feedback.
All reactions