Tap to unmute

What are Refresh Tokens?! and...How to Use Them Securely


Пікірлер • 13

  • Sunny Henry
    Sunny Henry Ай бұрын +1

    Awesome and easy to understand! Thank You Very Much! I do have one question though, that I can't seem to find the answer to. For refresh token rotation, is it a sliding rotation? Meaning when I get a new refresh token is the expiration pushed back further than the initial expiration? Or is there a way to configure it to, regardless of how many refresh tokens I get, have a combined expiration of... let's say 30 days?

    • OktaDev
      OktaDev  Ай бұрын

      Thanks for your question! Let us do some research and get back to you, please 🙏

  • Rahul Ganga
    Rahul Ganga 13 сағат бұрын

    Sir, thanks you very much ,I have been searching for long for this😂 ...
    From India 🇮🇳 ♥️

  • jimkk159
    jimkk159 25 күн бұрын

    Awesome viedo! However, I wonder if the token family break the server stateless?

  • Juan Bolaños
    Juan Bolaños Ай бұрын +1

    Thank you! It helped me a lot

    • OktaDev
      OktaDev  Ай бұрын

      Glad to hear that!

  • manes hipocrates
    manes hipocrates Ай бұрын

    Clearly explained. Thanks. But, but how can a beginner get an example of using Okta and spring boot 3 microservices?

    • manes hipocrates
      manes hipocrates 20 күн бұрын

      @Matt Raible Thanks.

    • manes hipocrates
      manes hipocrates Ай бұрын

      @OktaDev Thanks. But you know if there any major changes I should be aware of, in case I want to use Okta with a spring boot 3 application?

    • OktaDev
      OktaDev  Ай бұрын

      Thanks for your feedback. We don't have content on Spring Boot 3 yet but we'll keep that in mind as a topic to tackle.

  • Sridhar Yemparala
    Sridhar Yemparala 26 күн бұрын +1

    What happens if refresh token was played by hacker before real user needs it? So the hacker gets the new 2nd access token. So silly 😂. The whole opened has a flaw! The persistence of the token should be on the SP side so not post them and stop. Not the IDP checking later. Which is pure useless

    • mrj
      mrj Күн бұрын

      I see the whole flow bullshit, next years must be a much better way for doing this. current methods are so ridiculous