TokenEndpoint.RefreshTokenRevokedAfterUse

Is the refresh token revoked after use

This test checks if the token endpoint revokes an old refresh token if a new one is issued to the client.

View source code on GitHub

Documents

This test is part of the following document(s):

• The OAuth 2.0 Authorization Framework (RFC6749), section 6 (may)
• OAuth 2.0 Threat Model and Security Considerations (RFC6819), section 5.2.2.3 (may)
• OAuth 2.0 Attacks & Defenses (AttsDefs), section unknown (must)

Back to the test case overview or the threat overview