earaujoassis
commented
1 year ago One solution:
- create token hierarchy to organize tokens. If the parent token is invalidated, all heirs are also invalidated.
Open earaujoassis opened 4 years ago
earaujoassis
commented
1 year ago One solution:
Refresh tokens are defined with an
eternalExpirationLength. Is that a security hole in the system? It must be investigated whether refresh tokens could be reused in an undefined period of time and what the RFC 6749 states about that.