oauth-refresh-token-rotation

In spa which do not have back end storing refresh tokens safely is difficult . Refresh token rotation helps a public client to securely rotate refresh tokens after each use. When refresh token rotation behavior is enabled , a new refresh token is returned each time the client makes a request to exchange a refresh token for a new access token.

Note that in implicit flow, refresh tokens are not issued hence silent authentication must be used for getting new tokens. If security considerations are paramount then back end for front end should be used for securely storing tokens.

	Nishant Anand I am technical architect with around 18 years of experience in telecom , banking and health care domain. I was part of the founding team of Drishti and currently CTO at affordplan
	Consult Send Query