We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Explain why refresh tokens are not always invalidated on subsequent refresh requests.
add in expires_at to draw notice that this has to be updates in whatever storage is used.
The RFC has been published
Added notice about flows that are incompatible with refresh tokens, since it comes up a lot
Corrected link to Customizing Token Expiration page
Updated Enable Refresh Token Credentials (markdown)
add example of refresh token with oauth2 gem
Created Enable Refresh Token Credentials (markdown)