1 Reply Latest reply on Jan 6, 2015 12:35 PM by ryanrutan

    Consequences for access token when token refreshed

    colin.duggan@fmr.com

      Hi,

       

      Whilst testing Jive's refresh token endpoint I noticed that old access tokens are still valid even after the user has been issued with a new version;


      /oauth2/token?refresh_token=xyz&grant_type=refresh_token

       

      Is this standard OAuth behavior? The old token remains active until its natural expiry ( set to 48 hours on the system I'm working on).