MBI'm facing the same problem now, did you find that solution (storing the refresh token in the session) to be secure enough?Reply·Thread·Apr 9, 2018·Should I use local/session storage or cookie to store access/refresh token?