I have a rather simple question that I cannot seem to find an answer to.
My questions is: Does Auth0 issue a new token every time the /token endpoint is a called by the same client requesting access to a different resource within a short period of time?
Consider the following scenario: We have Mule APIs that we want to expose to external clients. Clients can call one or more APIs. There is a likelihood some of these clients do not have robust session management implemented. This means that when it makes and API call, the access token issued during that call is discarded. Then, when the clients calls another (or even the same) API, it will be issued a new access token. This will lead to unnecessary token generation (token abuse).
Does Auth0 have any mechanism to avoid that? That is, if a client calls /token more than once in quick succession, does Auth0 generate new tokens, or does it recognizes calls from the same client and re-issue the same token (as long as, of course, is not expired).
Any thoughts would be much appreciated.