Simplify the OpenIddictProvider.ProcessSigninResponse() logic

src/OpenIddict/OpenIddictProvider.Helpers.cs

@@ -436,6 +436,8 @@ namespace OpenIddict
                 return true;
             }
 
+            var result = true;
+
             foreach (var token in await Tokens.FindByAuthorizationIdAsync(identifier))
             {
                 // Don't change the status of the token used in the token request.
@@ -444,10 +446,10 @@ namespace OpenIddict
                     continue;
                 }
 
-                await TryRevokeTokenAsync(token);
+                result &= await TryRevokeTokenAsync(token);
             }
 
-            return true;
+            return result;
         }
 
         private async Task<bool> TryRedeemTokenAsync([NotNull] TToken token)

src/OpenIddict/OpenIddictProvider.cs

@@ -167,11 +167,12 @@ namespace OpenIddict
                     }
                 }
 
-                // When rolling tokens are enabled, revoke all the previously issued tokens associated
-                // with the authorization if the request is a grant_type=refresh_token request.
-                if (options.UseRollingTokens && context.Request.IsRefreshTokenGrantType())
+                if (context.Request.IsRefreshTokenGrantType())
                 {
-                    if (!await TryRevokeTokensAsync(context.Ticket))
+                    // When rolling tokens are enabled, revoke all the previously issued tokens associated
+                    // with the authorization if the request is a grant_type=refresh_token request.
+                    // If the operation fails, return an error indicating the token is not valid.
+                    if (options.UseRollingTokens && !await TryRevokeTokensAsync(context.Ticket))
                     {
                         context.Reject(
                             error: OpenIdConnectConstants.Errors.InvalidGrant,
@@ -179,14 +180,13 @@ namespace OpenIddict
 
                         return;
                     }
-                }
 
-                // When rolling tokens are disabled, extend the expiration date
-                // of the existing token instead of returning a new refresh token
-                // with a new expiration date if sliding expiration was not disabled.
-                else if (options.UseSlidingExpiration && context.Request.IsRefreshTokenGrantType())
-                {
-                    if (!await TryExtendTokenAsync(token, context.Ticket, options))
+                    // When rolling tokens are disabled, extend the expiration date
+                    // of the existing token instead of returning a new refresh token
+                    // with a new expiration date if sliding expiration was not disabled.
+                    // If the operation fails, return an error indicating the token is not valid.
+                    if (!options.UseRollingTokens && options.UseSlidingExpiration &&
+                        !await TryExtendTokenAsync(token, context.Ticket, options))
                     {
                         context.Reject(
                             error: OpenIdConnectConstants.Errors.InvalidGrant,
@@ -194,9 +194,6 @@ namespace OpenIddict
 
                         return;
                     }
-
-                    // Prevent the OpenID Connect server from returning a new refresh token.
-                    context.IncludeRefreshToken = false;
                 }
             }