coverj | 5 years ago

The way I've seen it work is with having short-lived access tokens and a refresh token, with the refresh token being saved to a database so it can be revoked. I think the benefit over an opaque token is that you have data that can be verified to be true and then passed on to multiple places. E.g., passed between microservices.
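
The scheme described in the comment above, as an added example that is not part of the original post: a signed, short-lived access token that any service can verify without a lookup, plus a refresh token kept in a database so it can be revoked. Assumptions of this sketch: HMAC-SHA256 with one shared key, a 5-minute lifetime, an in-memory SQLite table, and all function and table names, which are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, sqlite3, time

SIGNING_KEY = secrets.token_bytes(32)  # assumption: HMAC key shared by issuer and services
ACCESS_TTL = 300                       # assumption: access tokens live 5 minutes

db = sqlite3.connect(":memory:")       # stands in for the refresh-token database
db.execute("CREATE TABLE refresh_tokens (digest TEXT PRIMARY KEY, user TEXT, revoked INTEGER DEFAULT 0)")

def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def _sign(body):
    return _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())

def _digest(token):
    # Design choice of this example: store only a hash of the refresh token.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_access(user, now=None):
    now = time.time() if now is None else now
    body = _b64(json.dumps({"sub": user, "exp": int(now) + ACCESS_TTL}).encode())
    return f"{body}.{_sign(body)}"

def verify_access(token, now=None):
    """Stateless check: any service holding the key can run it, no database lookup."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except ValueError:
        return None
    return claims if claims["exp"] > now else None

def issue_refresh(user):
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO refresh_tokens (digest, user) VALUES (?, ?)", (_digest(token), user))
    return token

def revoke_refresh(token):
    db.execute("UPDATE refresh_tokens SET revoked = 1 WHERE digest = ?", (_digest(token),))

def refresh(token, now=None):
    """Stateful check: the one place a revocation takes effect."""
    row = db.execute("SELECT user, revoked FROM refresh_tokens WHERE digest = ?", (_digest(token),)).fetchone()
    return None if row is None or row[1] else issue_access(row[0], now)
```

Revoking the refresh token stops new access tokens from being minted, but an access token already issued stays valid until its `exp`, which is why the access lifetime is kept short.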
