Refresh Token Rotation Request

Hi there! It would be helpful if Zoom supported OAuth 2 refresh token rotation per https://tools.ietf.org/html/rfc6819#section-5.2.2.3. This would help facilitate refresh token usage for apps with a stateless backend or SPAs (sample description here: https://auth0.com/blog/securing-single-page-applications-with-refresh-token-rotation/).

Hello! I am also curious if this has been implemented. I just tried using the same refresh token to request multiple new access tokens, and the same refresh token worked each time, giving me a new access token and a new refresh token. While each refresh invalidates the previous access token, it does not seem to invalidate the previous refresh token that was used to make the request. Because of this, it definitely seems that any sort of frontend storage for the refresh token is out of the question, and that refresh tokens should be stored on the backend. Does this sound correct, or am I missing something obvious? Thanks!
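
For contrast with the behaviour reported in the reply above, this is refresh token rotation with reuse detection as RFC 6819 section 5.2.2.3 describes it. It is an added example, not part of the thread and not Zoom's code; the class `RotatingRefreshStore`, its methods and the in-memory storage are assumptions made for illustration.

```python
import hashlib
import secrets


class RotatingRefreshStore:
    """Hypothetical in-memory refresh token store with rotation and reuse detection."""

    def __init__(self):
        self._tokens = {}      # sha256(token) -> {"family": id, "used": bool}
        self._revoked = set()  # family ids revoked after a detected reuse

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table does not expose usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def _mint(self, family):
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = {"family": family, "used": False}
        return token

    def issue(self):
        """Start a new token family, e.g. after the authorization code grant."""
        return self._mint(secrets.token_hex(8))

    def refresh(self, presented):
        """Exchange a refresh token for its successor; return None if rejected."""
        record = self._tokens.get(self._digest(presented))
        if record is None or record["family"] in self._revoked:
            return None
        if record["used"]:
            # An already-rotated token came back. The server cannot tell which
            # party sent it, so it revokes the family, active token included.
            self._revoked.add(record["family"])
            return None
        record["used"] = True
        return self._mint(record["family"])


def demo():
    store = RotatingRefreshStore()
    rt1 = store.issue()
    rt2 = store.refresh(rt1)     # normal rotation: rt1 -> rt2
    replay = store.refresh(rt1)  # rt1 presented a second time: rejected
    after = store.refresh(rt2)   # the active token was revoked with the family
    return rt2 is not None, replay, after
```

After a detected replay the legitimate client has to go through the authorization flow again, which is the signal that a refresh token was held by more than one party.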