OAuth 2.0 is a framework for authorization on the web, where a user can give one service (known as the client) access to data stored in another service (known as the resource server). The framework explains how to do a three-way "handshake" of sorts, where the user grants access via an authorization server and the client obtains an access token. The client then can use that access token to make authorized requests to the resource server. (A deeper explainer of OAuth 2.0 is beyond the scope of this article, but here's a really good explanation by Aaron Parecki.)
This article explores a specific edge case that can happen when OAuth 2.0 authorization servers use rotating refresh tokens to detect breaches.
TODO
TODO
TODO
TODO
TODO