From ef475c58fa35d66cdb09bb701ee83555a0375f4c Mon Sep 17 00:00:00 2001
From: Dominick Baier <dbaier@leastprivilege.com>
Date: Wed, 7 Oct 2020 12:53:17 +0200
Subject: [PATCH 1/2] add null check before setting consumedTime

---
 .../src/Services/Default/DefaultRefreshTokenService.cs     | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/IdentityServer4/src/Services/Default/DefaultRefreshTokenService.cs b/src/IdentityServer4/src/Services/Default/DefaultRefreshTokenService.cs
index 3b5ea2de0e..3f56b19148 100644
--- a/src/IdentityServer4/src/Services/Default/DefaultRefreshTokenService.cs
+++ b/src/IdentityServer4/src/Services/Default/DefaultRefreshTokenService.cs
@@ -227,8 +227,11 @@ public virtual async Task<string> UpdateRefreshTokenAsync(string handle, Refresh
                 Logger.LogDebug("Token usage is one-time only. Setting current handle as consumed, and generating new handle");
 
                 // flag as consumed
-                refreshToken.ConsumedTime = Clock.UtcNow.UtcDateTime;
-                await RefreshTokenStore.UpdateRefreshTokenAsync(handle, refreshToken);
+                if (refreshToken.ConsumedTime != null)
+                {
+                    refreshToken.ConsumedTime = Clock.UtcNow.UtcDateTime;
+                    await RefreshTokenStore.UpdateRefreshTokenAsync(handle, refreshToken);
+                }
 
                 // create new one
                 needsCreate = true;

From b4c3b3c90c5932f18012b3a286a6c42dfe2df4ee Mon Sep 17 00:00:00 2001
From: Dominick Baier <dbaier@leastprivilege.com>
Date: Wed, 7 Oct 2020 13:01:40 +0200
Subject: [PATCH 2/2] typo

---
 .../src/Services/Default/DefaultRefreshTokenService.cs          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/IdentityServer4/src/Services/Default/DefaultRefreshTokenService.cs b/src/IdentityServer4/src/Services/Default/DefaultRefreshTokenService.cs
index 3f56b19148..af2c2c33c7 100644
--- a/src/IdentityServer4/src/Services/Default/DefaultRefreshTokenService.cs
+++ b/src/IdentityServer4/src/Services/Default/DefaultRefreshTokenService.cs
@@ -227,7 +227,7 @@ public virtual async Task<string> UpdateRefreshTokenAsync(string handle, Refresh
                 Logger.LogDebug("Token usage is one-time only. Setting current handle as consumed, and generating new handle");
 
                 // flag as consumed
-                if (refreshToken.ConsumedTime != null)
+                if (refreshToken.ConsumedTime == null)
                 {
                     refreshToken.ConsumedTime = Clock.UtcNow.UtcDateTime;
                     await RefreshTokenStore.UpdateRefreshTokenAsync(handle, refreshToken);