I have API get new access token from refresh token but i wonder that: should revoke refresh token and generate new refresh token when getting new access.
Case 1: api/refresh token => {new_access_token,new_refresh_token} (refresh_token revoked)
Case 2: api/refresh token => {access_token} (refresh_token not revoke)
What is bestpractive, im using Nestjs
Top comments (0)