|
|
|
|
|
|
by Fradow
3070 days ago
|
|
|
If the Refresh Tokens are leaked, you revoke them and the user has to re-authenticate. It's crucial that clients are able to respond to their refresh tokens being revoked. The good thing is that it is a standard workflow, contrary to API key being revoked, which is generally not handled (most people hard-code API key in their client). |
|
|