Revoke the current iteration of a refresh token if an expired iteration of it is used

Description

This behavior is only necessary for public clients. There shouldn't be harm in applying this behavior to confidential clients, but some research may be necessary to ensure that this is the case.

To illustrate this:
The current behavior is that a refresh token is issued to a client with value `abcd` and has ID: 7. When `abcd` is used, a new refresh token with value `efgh` is issued to the client, still having ID: 7.

If a user tries to redeem an access token with `abcd`, they will hit an error, and `efgh` will still work.

The desired behavior is that if a user tries to redeem an access token with `abcd`, they will hit an error, and `efgh` would be revoked.

This behavior should apply to all past iterations of a token, not just the previous one.
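The desired behavior above, as an added example that is not part of this ticket or the project's own code: an in-memory refresh-token store (the store, its status values and the `walkthrough` helper are assumptions for illustration) that keeps the ticket's integer ID as the token family, rotates the value on each successful redemption, remembers every superseded value, and revokes the whole family the moment any past iteration is replayed.

```python
"""Refresh-token rotation with reuse detection.

Added example; the store, status strings and helper names are assumptions,
not the project's API. The integer family ID plays the role of the ticket's
"ID: 7", which survives rotation while the token value changes.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

ROTATED = "rotated"              # current iteration redeemed, new value issued
REUSE_REVOKED = "reuse_revoked"  # an older iteration was replayed, family revoked
REVOKED = "revoked"              # family already revoked, nothing issued
UNKNOWN = "unknown"              # value was never issued by this store


@dataclass
class TokenFamily:
    family_id: int
    current: str
    past: Set[str] = field(default_factory=set)  # every superseded value, not only the last one
    revoked: bool = False


class RefreshTokenStore:
    def __init__(self) -> None:
        self._families: Dict[int, TokenFamily] = {}  # family_id -> TokenFamily
        self._by_value: Dict[str, int] = {}           # any value ever issued -> family_id
        self._next_id = 1

    def issue(self) -> Tuple[int, str]:
        """Issue a brand-new refresh token in a new family."""
        value = secrets.token_urlsafe(32)
        fam = TokenFamily(self._next_id, value)
        self._next_id += 1
        self._families[fam.family_id] = fam
        self._by_value[value] = fam.family_id
        return fam.family_id, value

    def redeem(self, value: str) -> Tuple[str, Optional[str]]:
        """Exchange a refresh token; returns (status, new_value_or_None)."""
        fam_id = self._by_value.get(value)
        if fam_id is None:
            return UNKNOWN, None
        fam = self._families[fam_id]
        if fam.revoked:
            return REVOKED, None
        if value in fam.past:
            # A superseded iteration came back. The party holding this value and the
            # party holding the current value may not be the same client, so neither
            # can be trusted: revoke the current iteration along with the rest.
            fam.revoked = True
            return REUSE_REVOKED, None
        # value == fam.current: rotate within the same family (same ID, new value).
        fam.past.add(fam.current)
        new_value = secrets.token_urlsafe(32)
        fam.current = new_value
        self._by_value[new_value] = fam_id
        return ROTATED, new_value


def walkthrough() -> List[str]:
    """Replay the ticket's scenario and return the status of each redemption."""
    store = RefreshTokenStore()
    _, abcd = store.issue()
    s1, efgh = store.redeem(abcd)   # abcd -> efgh, same family ID
    s2, ijkl = store.redeem(efgh)   # efgh -> ijkl, same family ID
    s3, _ = store.redeem(abcd)      # two iterations old: whole family revoked
    s4, _ = store.redeem(ijkl)      # the current value no longer works either
    s5, _ = store.redeem("never-issued")
    return [s1, s2, s3, s4, s5]


if __name__ == "__main__":
    print(walkthrough())
```

Because `past` holds every superseded value rather than only the previous one, replaying a value that is several rotations old still triggers revocation, which is the "all past iterations" requirement above. A real store would also need persistence and a retention limit on the `past` set so it cannot grow without bound.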

Environment

None

Assignee

Unassigned

Reporter

Nick Grosenbacher

Labels

None

Validator

Bruce Hoff

Development Area

None

Release Version History

None

Epic Link

Priority

Major