Config.set('auth', new_refresh_token)?


I have been looking at the oAuth implementations in the community repository. It looks like they all work off of the basis that the refresh token never changes. As of oAuth 2.1 it is suggested that refresh tokens get rotated (draft-ietf-oauth-v2-1-01). Is there a way to save the new refresh token back to the config? Or is there any storage layer to store the changing refresh and access tokens?



1 Like

Anyone have any ideas on how this might be solved?