In our ASP.NET (OWIN) Regular Web Application, we exchange an Authorization Code for an Access Token (https://auth0.com/docs/api/authentication#regular-web-app-login-flow43) and a Refresh Token to renew the Access Token (https://auth0.com/docs/api/authentication#refresh-token) .

So far all is fine. But when a user closes the browser, and starts the application again a new refresh token is being issued. This leads to an accumulation of refresh tokens because they don’t get revoked.
Is this a problem ? And if yes how can we handle this issue?

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?