I far as I know refresh token is a long-lived token to generate new access tokens based on that. Can we consider refresh token generation as a better security measurement on every access token generation?
Does persisting refresh token makes OAuth 2.0 server vulnerable to account stealing or similar attacks?
Aucun commentaire:
Enregistrer un commentaire