Currently, token replay is only protected by token expiration. This leaves a small window of opportunity for attackers.
This can be fixed by storing used token identifiers (Warehouse uses the issuer + jti claims) and disallowing reuse. The data only needs to be persisted until after the token has expired.
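
A sketch of the replay check described above, as an added example rather than code from this project or from Warehouse: an in-memory store keyed on issuer + jti that forgets entries once the token has expired. The class name `ReplayCache`, the `leeway` parameter and the sample claims are assumptions, and the claims are assumed to come from a token whose signature was already verified.

```python
import heapq
import threading
import time


class ReplayCache:
    """In-memory record of (iss, jti) pairs already accepted, kept until exp."""

    def __init__(self, leeway=0):
        self._seen = {}        # (iss, jti) -> exp
        self._by_expiry = []   # min-heap of (exp, key), used for pruning
        self._lock = threading.Lock()
        self._leeway = leeway  # clock-skew allowance in seconds (assumption)

    def _prune(self, now):
        # An entry is only needed while the token itself would still validate.
        while self._by_expiry and self._by_expiry[0][0] + self._leeway <= now:
            exp, key = heapq.heappop(self._by_expiry)
            if self._seen.get(key) == exp:
                del self._seen[key]

    def accept(self, claims, now=None):
        """Return True on first use of an unexpired token, False otherwise."""
        now = time.time() if now is None else now
        iss, jti, exp = claims.get("iss"), claims.get("jti"), claims.get("exp")
        if not iss or not jti or not isinstance(exp, (int, float)):
            return False  # a token that cannot be tracked cannot be accepted
        if exp + self._leeway <= now:
            return False  # expired: the existing expiration check still applies
        key = (iss, jti)
        with self._lock:
            # Check and store under one lock so two concurrent uses cannot both pass.
            self._prune(now)
            if key in self._seen:
                return False  # replay of an identifier already used
            self._seen[key] = exp
            heapq.heappush(self._by_expiry, (exp, key))
            return True

    def __len__(self):
        with self._lock:
            return len(self._seen)
```

With more than one worker process, the same check-and-store step has to be atomic in a shared store, with the entry's time-to-live set from the token's `exp`.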