From fb30b9b089c86a6eeccee62898f6dbcfd300ed3e Mon Sep 17 00:00:00 2001
From: Jonas Franz <info@jonasfranz.software>
Date: Fri, 12 Apr 2019 09:50:21 +0200
Subject: [PATCH] Add option to disable refresh token invalidation (#6584)

* Add option to disable refresh token invalidation

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add integration tests and remove wrong todos

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix typo

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix tests and add documentation

Signed-off-by: Jonas Franz <info@jonasfranz.software>
---
 doc/advanced/config-cheat-sheet.en-us.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/advanced/config-cheat-sheet.en-us.md b/doc/advanced/config-cheat-sheet.en-us.md
index 3f99f1d1..1e97f93e 100644
--- a/doc/advanced/config-cheat-sheet.en-us.md
+++ b/doc/advanced/config-cheat-sheet.en-us.md
@@ -409,6 +409,7 @@ NB: You must `REDIRECT_MACARON_LOG` and have `DISABLE_ROUTER_LOG` set to `false`
 - `ENABLED`: **true**: Enables OAuth2 provider.
 - `ACCESS_TOKEN_EXPIRATION_TIME`: **3600**: Lifetime of an OAuth2 access token in seconds
 - `REFRESH_TOKEN_EXPIRATION_TIME`: **730**: Lifetime of an OAuth2 access token in hours
+- `INVALIDATE_REFRESH_TOKEN`: **false**: Check if refresh token got already used
 - `JWT_SECRET`: **\<empty\>**: OAuth2 authentication secret for access and refresh tokens, change this a unique string.
 
 ## i18n (`i18n`)