Refresh Tokens Comes Invalidated When Requested Using Authentication API

lihua.zhang August 12, 2022, 8:40pm 1

We want to obtain a new Access Token using Authentication API, but the response got rejected.

POST /oauth/token with:
- Client ID
- Client Secret
- Grant type: refresh_token
- Refresh token

As Refresh Token Rotation only allows the use of a Refresh Token once, it gets invalidated after that and it can’t be used the second time.

August Community News 2022

Topic		Replies	Views
Refresh Token Used with a Wrong Client ID Knowledge Articles	1	470	December 13, 2023
Impact to the Existing Non-Rotating Refresh Tokens when Rotational Refresh Token Option is Enabled Knowledge Articles	1	385	December 11, 2023
When does a refresh token become invalid? Help auth0 , authentication , refresh-tokens	3	2234	July 12, 2022
Refresh_token grant type does not return a new refresh_token Help refresh-tokens , grant-types	2	4316	August 11, 2019
Invalid Refresh Token Help refresh-tokens , refresh_token	2	8511	March 26, 2018