JWTSimpleServer icon indicating copy to clipboard operation
JWTSimpleServer copied to clipboard

Published 20 hours ago verified publisher icon Xabaril

Don't expose Refresh token to UI

Open jeevasusej opened this issue 5 years ago • 1 comments

We should not expose refresh token to the UI. Right?

How would you handle it in right way?

https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/

jeevasusej avatar Jan 30 '20 18:01 jeevasusej

Hi @jeevasusej

It was not a good idea to create this project because at that moment we didn’t know the security concerns about ROPC flow and of course use refresh tokens in public clients.

I think we should remove this repo.

Regards!

/cc @CarlosLanderas

lurumad avatar Jan 30 '20 21:01 lurumad