You are right about your concern - you should not save the refresh token. By doing so, you jeopardize your client's data (and you know the reason; you wrote it in the question).
OAuth is not supposed to work this way.
You should keep the refresh token in memory.