Refresh Token Expired with No Apparent Reason

Overview

A Refresh Token stops working before the end of its configured lifetime, or even though no expiration is configured at all, and no Rotation or security breach is involved.

Symptoms

A user cannot retrieve a new Access Token with their Refresh Token.

Applies To

  • Refresh Token

Cause

The number of Refresh Tokens stored for the user has reached the maximum our database keeps (currently: 200). Once that limit is exceeded, the server erases the oldest tokens, so a token that was still within its lifetime suddenly becomes invalid.


Troubleshooting

  • Check the application's Refresh Token configuration
  • Check the logs related to that user
  • Check the logs for failed exchanges and resource cleanups

Solution

  • If the user wants to keep using older tokens, their application must detect this error and retry (out of scope for this article)
  • If they agree to change their Refresh Token configuration, enabling Rotation and setting lifetime values works better and is safer
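As an added illustration (not code from the original article or the service it describes), the model below reproduces the cause and the second solution: a constructed token table capped at 200 entries that drops the oldest, which is why a valid-looking token fails the exchange (the client sees the standard OAuth 2.0 invalid_grant response), and why Rotation keeps the count from ever reaching the cap. The per-user scope of the cap, the class and function names, and the sample user ids are assumptions.

```python
from collections import OrderedDict
import secrets

MAX_TOKENS_PER_USER = 200  # cap from the article; per-user scoping is an assumption


class RefreshTokenStore:
    """Constructed model of a server-side refresh-token table that enforces the cap."""

    def __init__(self, cap=MAX_TOKENS_PER_USER):
        self.cap = cap
        self.by_user = {}  # user_id -> OrderedDict of live tokens, oldest first
        self.evicted = 0   # tokens dropped by the cap rather than by lifetime

    def issue(self, user_id):
        tokens = self.by_user.setdefault(user_id, OrderedDict())
        token = secrets.token_urlsafe(16)
        tokens[token] = None
        while len(tokens) > self.cap:
            tokens.popitem(last=False)  # the oldest token silently disappears
            self.evicted += 1
        return token

    def exchange(self, user_id, token, rotate):
        """Trade a refresh token for an access token; returns (ok, next_refresh_token)."""
        tokens = self.by_user.get(user_id, OrderedDict())
        if token not in tokens:
            return False, None  # what the client sees as invalid_grant
        if rotate:
            del tokens[token]  # rotation replaces instead of accumulating
            return True, self.issue(user_id)
        return True, token


def logins_without_rotation(store, user_id, n):
    """n logins each mint a new RT; returns whether the first one is still valid."""
    first = store.issue(user_id)
    for _ in range(n - 1):
        store.issue(user_id)
    return store.exchange(user_id, first, rotate=False)[0]


def refreshes_with_rotation(store, user_id, n):
    """One session refreshed n times with rotation; returns (all_ok, live_tokens)."""
    token = store.issue(user_id)
    for _ in range(n):
        ok, token = store.exchange(user_id, token, rotate=True)
        if not ok:
            return False, len(store.by_user[user_id])
    return True, len(store.by_user[user_id])
```

The 201st login without rotation evicts the first token, which is exactly the case to look for in the failed-exchange and cleanup logs.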
