In our ASP.NET (OWIN) Regular Web Application, we exchange an Authorization Code for an Access Token (https://auth0.com/docs/api/authentication#regular-web-app-login-flow) and a Refresh Token to renew the Access Token (https://auth0.com/docs/api/authentication#refresh-token).
So far all is fine. But when a user closes the browser and starts the application again, a new refresh token is issued. This leads to an accumulation of refresh tokens because they don’t get revoked.
Is this a problem? And if yes, how can we handle this issue?