When I first learned about token-based #authentication, I assumed using a refresh #token would issue a new access token _and_ refresh token.
My wish has come true today, with @auth0 releasing Refresh Token Rotation 🎉
https://auth0.com/blog/securing-single-page-applications-with-refresh-token-rotation/
What does this actually mean? 👇
Before: Single Page Apps wouldn't get a refresh token, because a compromised RT was too dangerous. To reauthenticate, an iframe was used instead, relying on third-party cookies.
However, recent browser #privacy improvements have impacted #SPA's when it comes to #OAuth.
After: #SinglePageApps can now get a single-use refresh token with a shorter expiry, and use that to reauthenticate a user or obtain a new access token.
No more third-party cookies. No more iframes.
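
The "after" behaviour described above, as an added example that is not part of the original thread and is not Auth0's code: an in-memory sketch of a token endpoint that treats each refresh token as single-use with its own expiry. The `TokenService` name, the TTL values and the opaque random tokens are assumptions made for illustration.

```javascript
// Added example: single-use refresh tokens with expiry (in-memory sketch).
const crypto = require("node:crypto");

const ACCESS_TTL_MS = 5 * 60 * 1000;   // assumed access token lifetime
const REFRESH_TTL_MS = 30 * 60 * 1000; // assumed (short) refresh token lifetime

class TokenService {
  // `now` is injectable so expiry can be exercised without waiting.
  constructor(now = () => Date.now()) {
    this.now = now;
    // Keyed by SHA-256 of the token so the raw value is never stored.
    this.refreshTokens = new Map(); // hash -> { userId, expiresAt, used }
  }

  static hash(token) {
    return crypto.createHash("sha256").update(token).digest("hex");
  }

  // Initial login: hand out an access token and a refresh token.
  issue(userId) {
    const refreshToken = crypto.randomBytes(32).toString("hex");
    this.refreshTokens.set(TokenService.hash(refreshToken), {
      userId,
      expiresAt: this.now() + REFRESH_TTL_MS,
      used: false,
    });
    return {
      accessToken: crypto.randomBytes(32).toString("hex"),
      accessExpiresAt: this.now() + ACCESS_TTL_MS,
      refreshToken,
    };
  }

  // Rotation: a valid refresh token is burned and a new pair is returned.
  refresh(presented) {
    const rec = this.refreshTokens.get(TokenService.hash(presented));
    if (!rec) throw new Error("invalid_grant: unknown refresh token");
    if (rec.used) throw new Error("invalid_grant: refresh token already used");
    if (this.now() >= rec.expiresAt) {
      throw new Error("invalid_grant: refresh token expired");
    }
    rec.used = true; // mark as spent before issuing the replacement
    return this.issue(rec.userId);
  }
}
```

A rejected "already used" refresh is also a useful log signal, since a legitimate client only ever presents its newest refresh token.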