Links to this note
- Refresh Token Rotation Detects Token Theft
When using refresh tokens to let clients obtain new access tokens, one danger is that the longer-lived refresh token can be stolen and used by an attacker to gain access to your application. This is especially tricky in the browser, where CSRF and XSS are commonplace.