by sisve 1079 days ago
If your access token is compromised, you would normally need your refresh token to get a new access token? So it would increase security, but if you lose your refresh token, you def have the same problem.

Or am I missing some context?

1 comments

Depends. Some systems allow for access tokens to be extended, some don't.

We only use refresh tokens for mobile devices as those can be securely stored.

Access token renewal is allowed for browsers for as long as we detect a valid session.

And that session cannot be extended. Every 8 hours it's back to the authentication page with your YubiKey.
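
The renewal policy described in the reply above, as an added example that is not the commenter's code: access tokens are renewed only while the session is valid, and the session deadline is fixed at login. The class and function names, the in-memory stores and the 15-minute access-token lifetime are assumptions; only the 8-hour session limit comes from the thread.

```python
import secrets

SESSION_LIFETIME = 8 * 3600  # from the thread: 8 hours, never extended
ACCESS_TTL = 15 * 60         # assumed access-token lifetime (not stated in the thread)


class SessionExpired(Exception):
    """The caller must go back through full authentication."""


class TokenService:
    def __init__(self):
        self._sessions = {}  # session id -> absolute deadline (epoch seconds)
        self._tokens = {}    # access token -> (session id, token expiry)

    def login(self, now):
        """Call only after full authentication (e.g. the hardware-key step)."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = now + SESSION_LIFETIME  # set once, never moved
        return sid, self._issue(sid, now)

    def _issue(self, sid, now):
        token = secrets.token_urlsafe(32)
        # Clamp to the session deadline so no token outlives the session.
        expiry = min(now + ACCESS_TTL, self._sessions[sid])
        self._tokens[token] = (sid, expiry)
        return token

    def renew(self, sid, now):
        """Issue a fresh access token; the session deadline is not touched."""
        deadline = self._sessions.get(sid)
        if deadline is None or now >= deadline:
            self._sessions.pop(sid, None)
            raise SessionExpired("re-authenticate")
        return self._issue(sid, now)

    def expiry_of(self, token):
        return self._tokens[token][1]

    def is_valid(self, token, now):
        sid, expiry = self._tokens.get(token, (None, 0))
        return sid is not None and now < expiry and now < self._sessions.get(sid, 0)
```
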