Dec 11, 2022
Hello, I have a question. I see you talk about "refresh tokens stored in the database". Why are you storing tokens in the database? It is as insecure as saving a password in clear text. What is the purpose of having all the tokens saved since it is so risky?
Author
·Dec 11, 2022
Thanks for pointing it out, Jose. In a production environment, we aren't supposed to reveal the token, both on the client side as well as the server side. The steps I have mentioned are to be followed in the development environment. In some scenarios, people often encrypt refreshToken and store it in the database. Storing tokens in clear text is not recommended.
You can refer to this link for a more detailed explanation: