This repository has been archived by the owner on Apr 13, 2020. It is now read-only.

Don't expose Refresh token to UI #17

Open
jeevasusej opened this issue Jan 30, 2020 · 1 comment

Comments

@jeevasusej

We should not expose the refresh token to the UI. Right?

How would you handle it the right way?

https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/

@lurumad
Collaborator

lurumad commented Jan 30, 2020

Hi @jeevasusej

It was not a good idea to create this project because at that moment we didn’t know the security concerns about the ROPC flow and, of course, the use of refresh tokens in public clients.

I think we should remove this repo.

Regards!

/cc @CarlosLanderas
