Hello @rueben.tiow,
I’m logging event.session every time the post-login action is executed. It seems that event.session is defined when i call the /authorize endpoint but every time I refresh the token it is undefined…
Also, I need an id that is unique per user authorization. I noticed that if the user calls /authorize multiple times without logging out and logging back in in between, event.session.id stays the same in both authorizations, which is a problem as i cannot differentiate between the two.
If the refresh token id were available also when the authorization code is exchanged it would solve my problem but this is not the case unfortunately.
Is there another way?