Cross Site Scripting (XSS)

This note does not have a description yet.

  • Refresh Token Rotation Detects Token Theft

    When using refresh tokens to let clients obtain new access tokens, one danger is that the longer-lived refresh token can be stolen and used by an attacker to gain access to your application. This is especially tricky in the browser, where CSRF and XSS are commonplace.