by rp2684
2318 days ago
This problem will also exist if an opaque token is used instead of a JWT (as long as a refresh token is being used). Now you may argue that we don't need to use refresh tokens because that's complex; however, in that case, you are severely compromising on user security. See this please: https://supertokens.io/blog/all-you-need-to-know-about-user-...