ReplyApr 9, 2018I'm facing the same problem now, did you find that solution (storing the refresh token in the session) to be secure enough?Should I use local/session storage or cookie to store access/refresh token?