Upon deactivation of current token, activate a new token after the first usage

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Problem to solve

When performing Automatic reuse detection, when a current token is being deactivated, in cases of a network hiccup that can cause the response on the rotation endpoint to get lost so the user never receives the new token, and the old token has already been made inactive.

Proposal

Make token rotation a two-step process:

When a rotate call is made, it provides a new token, and then, make the new token active only after the first usage.