Recently I have been reading about RTR (Refresh Token Rotation). After going over many blogs, docs, and various StackOverflow answers, I didn't find an appropriate solution for a couple of questions.
- Refresh tokens are meant to be long-lived tokens but in the RTR case scenario where every time an access_token is demanded a new refresh token is granted with it revoking the old refresh token, will the RTR token life span be any shorter compared to a non-RTR token?
- A
