Oct 14, 2023
This is really a nice article. I was hoping to see the use of refresh tokens as one of the countermeasures. This way you give the access token a short lifespan and give the refresh token a longer expiry time, and maybe when the access token needs to be refreshed you also update the refresh token.
The refresh token can be encrypted as you stated in the article.
I love the relatable analogies you used.
Author · Oct 14, 2023
Thanks for this amazing piece, Fawas Kareem. Indeed, with refresh tokens, access tokens can have shorter lifespans, reducing the window for malicious activity.
Oct 14, 2023
👏
Oct 16, 2023
Great that you have added Countermeasures as well. Very well written.