feat: make OAuth refresh tokens single use

This commit is contained in:
Jonathan Barrow 2026-01-03 14:12:23 -05:00
parent 07fc399303
commit 822c8fb5ab
No known key found for this signature in database
GPG Key ID: 2A7DAA6DED5A77E5

View File

@ -137,6 +137,11 @@ async function getPNIDByOAuthToken(token: string, expectedSystemType: SystemType
}
}
// * Refresh tokens are single use
if (expectedTokenType === TokenType.OAuthRefresh) {
await oauthToken.deleteOne();
}
return pnid;
} catch (error: any) {
// TODO - Handle error