Token Leak Process

If a client's tokens are stolen in a security breach and two stations are active at the same time, only one of them is able to refresh its access token. The other station's refresh token is revoked. This results in one of the following two situations:

  1. The customer's workstation is the first to refresh its access tokens and the attacker's tokens are revoked.
  2. The attacker is the first to refresh the access tokens and the customer's workstation stops working. This provides instant feedback that something is wrong, so the customer can discover the security breach.
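
The two situations above can be reproduced with a small model of single-use refresh tokens. This is an added example, not code from the original page: the TokenService class, the simulate helper, the client id and the server-side alerts list are assumptions made for illustration.

```python
import secrets

class RefreshRejected(Exception):
    """Raised when a refresh token is unknown or has already been rotated."""

class TokenService:
    # Hypothetical in-memory issuer: each refresh token can be used exactly once.
    def __init__(self):
        self.active = {}    # valid refresh token -> client id
        self.rotated = {}   # spent refresh token -> client id
        self.alerts = []    # client ids for which a spent token was replayed

    def issue(self, client_id):
        refresh = secrets.token_urlsafe(32)
        self.active[refresh] = client_id
        return {"access": secrets.token_urlsafe(32), "refresh": refresh}

    def refresh(self, refresh_token):
        client_id = self.active.pop(refresh_token, None)
        if client_id is None:
            # A spent token being presented again means two holders share it.
            if refresh_token in self.rotated:
                self.alerts.append(self.rotated[refresh_token])
            raise RefreshRejected("refresh token revoked or unknown")
        self.rotated[refresh_token] = client_id
        return self.issue(client_id)

def simulate(first_to_refresh):
    """Both stations hold the same leaked tokens.

    Returns (stations still working, stations locked out, server alerts).
    """
    svc = TokenService()
    leaked = svc.issue("customer-42")  # constructed client id
    stations = ["workstation", "attacker"]
    order = sorted(stations, key=lambda s: s != first_to_refresh)
    working, locked_out = [], []
    for station in order:
        try:
            svc.refresh(leaked["refresh"])
            working.append(station)
        except RefreshRejected:
            locked_out.append(station)
    return working, locked_out, svc.alerts

if __name__ == "__main__":
    for first in ("workstation", "attacker"):
        print(first, "refreshes first ->", simulate(first))
```

In both orderings the second refresh attempt is rejected, so the rejection itself is the event worth logging and alerting on.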