Refresh vs. Long-lived Access Tokens (2023)


On the other hand, resource servers are run by dozens of teams with a wide range of technology stacks and security postures. Refresh tokens can live in secure enclaves or keychains, and their infrequent use in both memory and on the network provides some mitigation against transient attacks. Although this is typically a one-time cost and is often abstracted away by OAuth libraries, it nevertheless adds build time to initial client implementations when compared to a simple access token.
