Quick successive calls to oauth/token can return the same token


When I am doing 2 calls to an oauth/token endpoint, in a very short time frame like the same second, I am able to get the same token in both responses.
I guess this is because the requests were processed at a very similar time, therefore nothing changes between them. So it could be totally normal. I am just wondering if it really is, or if it is something we could configure with a cache option that I have not found so far.

Would someone know if this is a normal behaviour or if we could control it?

My way to reproduce is to make this call to the token endpoint twice in my terminal:

curl --request POST --url 'https://mycompany.eu.auth0.com/oauth/token' --header 'content-type: application/x-www-form-urlencoded' --data 'grant_type=client_credentials' --data 'client_id={my client id goes here}' --data 'client_secret={my secret goes here}' --data 'audience={my audience goes here}'

Hi @s.vasseur,

Welcome to the Auth0 Community!

I understand that you have been encountering a scenario where making two successive requests to the /oauth/token endpoint in a short amount of time returns the same access token.

I have tested this myself and could replicate the same behavior when using the client credentials grant to call the /oauth/token endpoint. After obtaining the same token the second time, I could use it to query my API verifying that it is a valid access token.

Yes, you can configure your client credentials grant request with a cache option. Be mindful and take measures for the possibility of a cached access token expiring before the actual caller gets to use it.

AFAIK, this seems like normal behavior, but I will double-check with our Engineers. I will relay that information once I find out.

Thank you.
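
One caller-side way to handle the caveat above about a cached access token expiring before the caller gets to use it, as an added example that is not part of the original thread and not Auth0's code. `CachedTokenSource`, `margin_s`, `invalidate` and the stubbed fetch function are hypothetical names; `access_token` and `expires_in` are the standard OAuth 2.0 token response fields, and the token values are constructed.

```python
import time
from typing import Callable, Optional


class CachedTokenSource:
    """Caller-side cache for a client-credentials access token."""

    def __init__(self, fetch: Callable[[], dict], margin_s: float = 60.0,
                 clock: Callable[[], float] = time.monotonic):
        self._fetch = fetch        # does the POST to /oauth/token, returns parsed JSON
        self._margin_s = margin_s  # never hand out a token this close to expiry
        self._clock = clock
        self._token: Optional[str] = None
        self._expires_at = 0.0

    def get(self) -> str:
        if self._token is None or self._clock() >= self._expires_at - self._margin_s:
            issued = self._clock()  # taken before the request, so expiry errs early
            body = self._fetch()
            self._token = body["access_token"]
            self._expires_at = issued + float(body["expires_in"])
        return self._token

    def invalidate(self) -> None:
        """Call when the API rejects the token (401) so the next get() refetches."""
        self._token = None


def demo():
    now = [0.0]   # constructed clock, in seconds
    calls = []    # one entry per simulated token request

    def fake_fetch():  # constructed stand-in for the token endpoint
        calls.append(now[0])
        return {"access_token": f"constructed-token-{len(calls)}",
                "expires_in": 86400, "token_type": "Bearer"}

    src = CachedTokenSource(fake_fetch, margin_s=60, clock=lambda: now[0])
    first = src.get()
    second = src.get()   # same instant: served from the cache, no second request
    now[0] = 86400 - 30  # 30 s before expiry, inside the 60 s margin
    third = src.get()    # refetched rather than returned nearly expired
    src.invalidate()     # simulate the API answering 401
    fourth = src.get()
    return first, second, third, fourth, len(calls)


if __name__ == "__main__":
    print(demo())
```

Pick `margin_s` larger than the longest time a caller may hold a token before sending it, and keep the `invalidate` path for tokens that are rejected despite the margin.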