fixedSecret property

The fixed part of the secret.

Any incoming rotation request referencing refresh token by ID and having the correct fixed part, but not the correct secret, will cause the refresh token to be invalidated (as the refresh token may have been leaked at that point). Since the refresh token's id is also part of the JWT access tokens for reference, we have to have this second part in here, ensuring that no one with just a (potentially expired) JWT can invalidate the refresh token.

Per default uses 16 bytes of random data.