One time use of refresh tokens is really common? Where each refresh will get you a new access token AND a new refresh token?
replyThat's standard in oidc I believe
I don't have data on whether it is common, but I know a few OAuth vendors support it.
reply