Hello,
We've noticed something strange. When you generate an IFS token, you receive both an access token and a refresh token. The role of the refresh token is to allow an access token to be regenerated without the user having to re-authenticate. So far, so good, but I've noticed that I can refresh the access token as many times as I like using the same refresh token. This seems to me to pose a security problem, because in my opinion, a refresh token should only be able to be used once. Does this behavior seem normal to you?
Thanks.
Théo