TokenEndpoint.InvalidatedRefreshToken

Is the active refresh token revoked after a refresh token multi-exchange

This test checks if the active refresh token is revoked when the same (old) refresh token is presented twice at the token endpoint

View source code on GitHub

Documents

This test is part of the following document(s):

• OAuth 2.0 Security Best Current Practice (draft 25) (SecBCP), section 4.13.2 (must)

Back to the test case overview or the threat overview