v25.3.9

Fix regression in refresh token UsedTimes calculation

Fixed a regression in Hydra OAuth2 refresh token handling where the UsedTimes validation checked the Valid flag before comparing against the graceful count limit. As a result, refresh tokens were incorrectly rejected during the grace period when the UsedTimes field was not explicitly set, even when the usage count was within acceptable limits.

The fix ensures that refresh tokens are properly validated based on the usage count alone, without requiring the UsedTimes field to be explicitly marked as valid in the database.
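
The failure mode described above, sketched as an added example; this is not Hydra's own code. The type and function names, the limit of 3, and the `<` comparison are assumptions, with the nullable counter modelled as Go's `sql.NullInt32`.

```go
package main

import (
	"database/sql"
	"fmt"
)

// refreshRow is a hypothetical stand-in for a stored refresh token record.
// UsedTimes is nullable: Valid is false when the column was never written.
type refreshRow struct {
	Name      string
	UsedTimes sql.NullInt32
}

// withinGraceBuggy mirrors the regression: the Valid flag is checked first,
// so a NULL counter is rejected even though the token has not been used.
func withinGraceBuggy(r refreshRow, gracefulLimit int32) bool {
	if !r.UsedTimes.Valid {
		return false
	}
	return r.UsedTimes.Int32 < gracefulLimit
}

// withinGraceFixed decides on the count alone. A NULL column scans to
// Int32 == 0, which is treated as "not used yet".
func withinGraceFixed(r refreshRow, gracefulLimit int32) bool {
	return r.UsedTimes.Int32 < gracefulLimit
}

// sampleRows returns constructed records: NULL, within limit, at limit.
func sampleRows() []refreshRow {
	return []refreshRow{
		{"unset", sql.NullInt32{}},
		{"used-once", sql.NullInt32{Int32: 1, Valid: true}},
		{"exhausted", sql.NullInt32{Int32: 3, Valid: true}},
	}
}

func main() {
	const limit = 3 // assumed graceful count limit
	for _, r := range sampleRows() {
		fmt.Printf("%-10s buggy=%-5v fixed=%v\n",
			r.Name, withinGraceBuggy(r, limit), withinGraceFixed(r, limit))
	}
}
```

Only the NULL row changes outcome between the two functions; a token whose count has reached the limit is still rejected by both.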