Hacker News
by jon-wood 2166 days ago
Thanks, that makes a lot of sense - I was thinking in terms of the ultimate client application being compromised, which isn't helped by refresh tokens, but hadn't considered that services along the way don't ever see those tokens.