Is there a defined amount of time that refresh tokens can be continued to be refreshed? So if i continue to refresh my token, then refresh that new token, etc. is there a time period where I won't be able to refresh any longer?
In our situation, I'm getting a invalid_grant error when refreshing a token that has been refreshed for about a month.
Hi @TheRealKevinGlinski
Please see the original forum announcement introducing refresh tokens for info on when the tokens are revoked.
The key takeaways:
"Refresh tokens may be revoked without notice, and applications should gracefully handle that scenario by redirecting the user-agent for authorization (as they do currently)."
"Refresh tokens will be revoked if the user explicitly logs out, their password changes, or all thier tokens are invalidated. The refresh token will not be revoked if the users authenticated http session expires."