python (12.9k questions)

javascript (9.2k questions)

reactjs (4.7k questions)

java (4.2k questions)

java (4.2k questions)

c# (3.5k questions)

c# (3.5k questions)

html (3.3k questions)

Questions - refresh-token

Why not to have two access_tokens and two refresh_tokens stored one in cookie and one in localstorage to protect from XSS and CSRF

Background Scenario is that we have a REACT SPA and a single API which is both a resource server and an authentication server. We want to implement simple tokens based auths. There is no dedicated SSO...
test-img

Rychu

security

authentication

access-token

restful-authentication

refresh-token

Votes: 0

Answers: 1

Latest Answer

We have implemented this flow and here are two main conclusions: This flow works great and gives more security when API and frontend are hosted on the same domain (e.g., api.example.com and example.c...
test-img

Rychu

Invalidating Jwt Token without a blacklist

I want to invalidate refresh jwt token without maintaining a blacklist of used refresh tokens with rotations, for this I had the idea of including a ValidationCode in the payload of the RT that the se...
test-img

dbzadnen khiari

oauth-2.0

jwt

authorization

access-token

refresh-token

Votes: 0

Answers: 1

Latest Answer

What you're describing here is a solution where you can just keep the latest RT used by the user in the database and allow only refresh requests with the RT saved in the DB. This is a valid approach b...
test-img

Michal Trojanowski

Initialise user in Blazor application after registration in B2C and refresh token

I've got a Blazor WASM app that uses B2C to register new users. After the user registers, the user is redirected to the app with the right token. However, after the registration I would like to initia...
test-img

Roberto

blazor

token

azure-ad-b2c

refresh-token

user-registration

Votes: 0

Answers: 0

I can refresh keycloak token in Postman, but I can't it in browser

When I refresh token in Postman everything is ok enter image description here But when I do it in browser I have a error like thisenter image description here My Payloadenter image description here
test-img

Вячеслав Мухин

frontend

keycloak

refresh-token

Votes: 0

Answers: 1

Latest Answer

Sounds like your UI has some issues with using the refresh-token. Pease try the folowing: copy the token to https://jwt.io/ and see if a "refresh_token" is available in the decrypted object....
test-img

Javali

Posts

Questions

Blogs

Jobs