Create test to assert JTI, at_hash, code_hash for refresh flows
Closed this issue · 3 comments
aeneasr commented
mitar commented
I am not sure how. I would need some guideline. I could not find an existing test doing this check.
So we should have a test which would make sure that refreshed tokens do not have same JIT as the original ones.
aeneasr commented
Ok, no problem, I'll try and come up with one!
mitar commented
Have you made the fix here or have you just closed the issue?