fix: rotate refresh token

2022-03-08 19:18:33 +05:30 · 2022-03-08 19:18:33 +05:30 · 7136ee924d
commit 7136ee924d
parent fd9eb7c733
1 changed files with 2 additions and 0 deletions
--- a/server/handlers/token.go
+++ b/server/handlers/token.go
@ -143,6 +143,8 @@ func TokenHandler() gin.HandlerFunc {
 			userID = claims["sub"].(string)
 			roles = claims["roles"].([]string)
 			scope = claims["scope"].([]string)
+			// remove older refresh token and rotate it for security
+			sessionstore.RemoveState(refreshToken)
 		}

 		user, err := db.Provider.GetUserByID(userID)