Create test to assert JTI, at_hash, code_hash for refresh flows

Question

Closed this issue 3 years ago · 3 comments

Is your feature request related to a problem? Please describe.

@mitar would you be open to tackle this?

Answer 1 · 2020-10-28T17:53:16.000Z

I am not sure how. I would need some guideline. I could not find an existing test doing this check.

So we should have a test which would make sure that refreshed tokens do not have same JIT as the original ones.

Answer 2 · 2020-10-29T09:01:06.000Z

Ok, no problem, I'll try and come up with one!

Answer 3 · 2021-10-18T23:40:11.000Z

Have you made the fix here or have you just closed the issue?