How to save refresh tokens?

Question

I\'m trying to add authentication feature to my application. The authentication server implements oauth 2.0

I\'m not sure how to save the re

Answer 1

Refresh tokens are used to obtain access (this process requires HTTP Basic Auth). So, unless user has your (id,secret) combination he can't do much about it. However, storage of refresh token must be considered very seriously.

Here's my two cents:

1. Store your tokens in a DB

2. Whenever you use refresh token to obtain access token reset the refresh token as well. (Oauth2.0 has this feature, you can let the refresh token unchanged too, but it's wise in terms of security perspective to keep it changing and updating the DB)

Hope this gives some insights!!