by tracker1
3386 days ago
Or have really short-lived tokens, requiring regular refresh, and don't worry about expiring them... you can then delete the refresh token so it can't be found, requiring full re-auth if necessary. OAuth2 + JWT is fine... just whitelist the algorithms you allow and use HTTPS for all communications, even internal.
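As an added example (not part of tracker1's comment or of any project it mentions), the following Python sketch shows the scheme the comment describes: short-lived HS256 access JWTs, an explicit algorithm allow-list on the verifier so an attacker-supplied `alg` header (such as `none`) is refused, and server-side refresh tokens that are stored hashed, rotated on every use, and can simply be deleted to force a full re-authentication. The signing key, the 300-second access TTL, the in-memory `dict` standing in for a database, and the hand-rolled JWT encoding (instead of a JWT library) are all assumptions made for the example; HTTPS is a transport concern and is not modelled here.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Hypothetical signing key for the example; a real deployment loads it from a secret store.
KEY = b"example-hmac-key-not-for-production"
# The explicit allow-list: anything else in the header, including "none", is rejected.
ALLOWED_ALGS = {"HS256"}


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, key: bytes) -> str:
    """Mint an HS256 JWT; the caller sets a near-future exp so the token is short-lived."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def verify_jwt(token: str, key: bytes, now: float) -> dict:
    """Check algorithm allow-list, signature and expiry before trusting any claim."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    # The algorithm comes first: the attacker-controlled header must never select the verifier.
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError(f"algorithm {header.get('alg')!r} not allowed")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    if now >= claims.get("exp", 0):          # a token without exp is treated as expired
        raise ValueError("token expired")
    return claims


def verification_error(token: str, key: bytes, now: float):
    """Return the rejection reason for a token, or None if it verifies."""
    try:
        verify_jwt(token, key, now)
        return None
    except ValueError as exc:
        return str(exc)


class TokenService:
    """Short-lived access JWTs plus revocable, single-use refresh tokens kept server-side."""

    def __init__(self, key: bytes, access_ttl: int = 300, refresh_ttl: int = 30 * 86400):
        self.key = key
        self.access_ttl = access_ttl
        self.refresh_ttl = refresh_ttl
        # sha256(refresh token) -> (subject, expiry); hashed so a store dump yields nothing usable.
        self._refresh: dict[str, tuple[str, float]] = {}

    @staticmethod
    def _fingerprint(refresh_token: str) -> str:
        return hashlib.sha256(refresh_token.encode("ascii")).hexdigest()

    def _issue(self, sub: str, now: float) -> dict:
        access = sign_jwt({"sub": sub, "iat": int(now), "exp": int(now) + self.access_ttl}, self.key)
        refresh = secrets.token_urlsafe(32)           # opaque and random, not a JWT
        self._refresh[self._fingerprint(refresh)] = (sub, now + self.refresh_ttl)
        return {"access_token": access, "refresh_token": refresh}

    def login(self, sub: str, now: float) -> dict:
        """Called only after full authentication (password, MFA, ...) has succeeded."""
        return self._issue(sub, now)

    def refresh(self, refresh_token: str, now: float) -> dict:
        # pop() makes every refresh token single-use: a replayed one forces re-auth.
        entry = self._refresh.pop(self._fingerprint(refresh_token), None)
        if entry is None:
            raise PermissionError("refresh token unknown or revoked: full re-authentication required")
        sub, expiry = entry
        if now >= expiry:
            raise PermissionError("refresh token expired: full re-authentication required")
        return self._issue(sub, now)

    def revoke(self, refresh_token: str) -> None:
        """Deleting the refresh token is the whole logout story; access tokens just age out."""
        self._refresh.pop(self._fingerprint(refresh_token), None)


if __name__ == "__main__":
    svc = TokenService(KEY)
    t0 = 1_700_000_000.0                        # fixed clock so the demo is deterministic
    tokens = svc.login("alice", t0)
    print("fresh access token ok:", verification_error(tokens["access_token"], KEY, t0 + 10))
    print("after 5 minutes:", verification_error(tokens["access_token"], KEY, t0 + 301))
    renewed = svc.refresh(tokens["refresh_token"], t0 + 301)
    svc.revoke(renewed["refresh_token"])
    try:
        svc.refresh(renewed["refresh_token"], t0 + 400)
    except PermissionError as exc:
        print("after revocation:", exc)
```

Because the access token is only trusted for five minutes, nothing needs a revocation list for it; the refresh endpoint is the single choke point, and deleting the stored hash is enough to cut a session off at the next refresh.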