@gbataille
Created August 27, 2018 13:43
@startuml
start
note right
* **RT** refers to the refresh token in the request
* **RT_new** refers to the new refresh token
* **AT** refers to the Access Token that was created
at the same time as RT
* **AT_new** refers to the access token under creation
* **AT_refreshed** refers to an access token that might
already have been created from RT (but RT is still in
its grace period and therefore still valid)
end note
#aafe00:**POST (grant_type=refresh_token)**;
#ff5555:token validation;
note right
* The RT **instance** is stored
in the request object
* The RT **code** is stored
in the request object
end note
:new token generation (in memory);
partition Saving {
:get RT code;
:get RT instance from the cache in *request*;
if (token reuse) then (yes)
:db lock AT instance;
:update the AT db record in place with
the new token code/expiration;
else (no)
#aafe00:LOCK refresh token and refresh it from DB;
:revoke the refresh token;
if (AT_refreshed exists) then (yes)
:return access token linked to the brand new refresh token;
note left
leave db untouched
end note
else (no)
#ff5555:create (db) AT_new with //source_refresh_token//
pointing to RT;
note right
Through //source_refresh_token// we say AT_new
was created from RT
end note
:create (db) RT_new pointing to AT_new;
endif
endif
}
stop
@enduml
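The diagram above describes a refresh-token grant with two modes: refresh-token reuse (the access token record is updated in place) and rotation with a grace period (the old RT is revoked, and a second presentation of it inside the grace period hands back the tokens already created from it instead of minting another pair). The following Python model is an added example that is not part of the gist; it walks through exactly those branches with an in-memory store. The store, the class and field names, the `GRACE_PERIOD` and TTL values, and the use of a `threading.Lock` to stand in for the database row lock are all assumptions made for the example.

```python
"""Refresh-token grant with reuse and rotation-with-grace-period branches.

Added example modelling the activity diagram; not code from the gist.
The store, names, TTL and grace-period length are assumptions.
"""
import secrets
import threading
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

GRACE_PERIOD = 60        # seconds a revoked RT may still be presented (assumed)
ACCESS_TOKEN_TTL = 3600  # access token lifetime in seconds (assumed)


@dataclass
class AccessToken:
    code: str
    expires_at: float
    source_refresh_token: Optional[str] = None  # RT code this AT was created from
    refresh_token: Optional[str] = None         # RT code issued alongside this AT


@dataclass
class RefreshToken:
    code: str
    access_token: str                           # code of the AT this RT refreshes
    revoked_at: Optional[float] = None


class RefreshError(Exception):
    """Raised when token validation rejects the presented refresh token."""


@dataclass
class TokenStore:
    access: Dict[str, AccessToken] = field(default_factory=dict)
    refresh: Dict[str, RefreshToken] = field(default_factory=dict)
    # Stands in for the "LOCK refresh token" step (a SELECT ... FOR UPDATE in a real DB).
    _lock: threading.Lock = field(default_factory=threading.Lock, repr=False)

    def issue(self, now: float) -> Tuple[AccessToken, RefreshToken]:
        """Initial grant: create AT and the RT linked to it."""
        at = AccessToken(code=secrets.token_urlsafe(16), expires_at=now + ACCESS_TOKEN_TTL)
        rt = RefreshToken(code=secrets.token_urlsafe(16), access_token=at.code)
        at.refresh_token = rt.code
        self.access[at.code] = at
        self.refresh[rt.code] = rt
        return at, rt

    def validate_refresh_token(self, rt_code: str, now: float) -> RefreshToken:
        """Token validation: RT must exist and be live or still inside its grace period."""
        rt = self.refresh.get(rt_code)
        if rt is None:
            raise RefreshError("unknown refresh token")
        if rt.revoked_at is not None and now > rt.revoked_at + GRACE_PERIOD:
            raise RefreshError("refresh token revoked and grace period elapsed")
        return rt

    def refresh_grant(self, rt_code: str, now: float,
                      rotate: bool = True) -> Tuple[AccessToken, RefreshToken]:
        """POST grant_type=refresh_token. Returns the (AT, RT) pair the client gets back."""
        rt = self.validate_refresh_token(rt_code, now)
        new_code = secrets.token_urlsafe(16)  # "new token generation (in memory)"

        if not rotate:
            # Token reuse branch: keep RT, update the AT record in place.
            at = self.access.pop(rt.access_token)
            at.code, at.expires_at = new_code, now + ACCESS_TOKEN_TTL
            self.access[at.code] = at
            rt.access_token = at.code
            return at, rt

        with self._lock:
            # Revoke RT. Keep the original revoked_at so a replay cannot extend the grace period.
            if rt.revoked_at is None:
                rt.revoked_at = now
            # AT_refreshed: an AT already created from this RT during the grace period.
            for at in self.access.values():
                if at.source_refresh_token == rt.code:
                    return at, self.refresh[at.refresh_token]  # leave db untouched
            # Otherwise create AT_new (source_refresh_token -> RT) and RT_new -> AT_new.
            at_new = AccessToken(code=new_code, expires_at=now + ACCESS_TOKEN_TTL,
                                 source_refresh_token=rt.code)
            rt_new = RefreshToken(code=secrets.token_urlsafe(16), access_token=at_new.code)
            at_new.refresh_token = rt_new.code
            self.access[at_new.code] = at_new
            self.refresh[rt_new.code] = rt_new
            return at_new, rt_new


if __name__ == "__main__":
    store = TokenStore()
    _, rt0 = store.issue(now=1000.0)
    at1, rt1 = store.refresh_grant(rt0.code, now=1010.0)          # rotation
    at2, rt2 = store.refresh_grant(rt0.code, now=1030.0)          # replay inside grace
    print("same pair returned:", at2 is at1 and rt2 is rt1)
    try:
        store.refresh_grant(rt0.code, now=1100.0)                 # replay after grace
    except RefreshError as exc:
        print("rejected:", exc)
```

Two details matter for the rotation branch. The `source_refresh_token` lookup is what makes a retry (for example after a lost response) idempotent, so the client that presents RT twice inside the grace window gets the same AT_new/RT_new rather than a second pair. Keeping the first `revoked_at` rather than overwriting it on each presentation bounds the window: a revoked RT is accepted only for `GRACE_PERIOD` seconds after its first refresh, and any presentation beyond that is a validation failure worth logging on the server side.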