You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The code in the Grant Flow doesn't invalidate the Authorization Code after it's used to successfully issue an access token, so you can reuse the authorization code to issue another access token. It's recommended to have authorization codes expire after some short window and to mark them as used once you've issued a token. The OAuth site goes into more detail about Authorization Codes here.
I'd be happy to make a pull request to expire tokens and remove them after they've been used (or at least invalidate them. Or at a minimum I can make a PR to add some comments to note how it should be done if implemented in a live application.
The text was updated successfully, but these errors were encountered:
The code in the Grant Flow doesn't invalidate the Authorization Code after it's used to successfully issue an access token, so you can reuse the authorization code to issue another access token. It's recommended to have authorization codes expire after some short window and to mark them as used once you've issued a token. The OAuth site goes into more detail about Authorization Codes here.
I'd be happy to make a pull request to expire tokens and remove them after they've been used (or at least invalidate them. Or at a minimum I can make a PR to add some comments to note how it should be done if implemented in a live application.
The text was updated successfully, but these errors were encountered: