Ahmed Shahram
TTC (Theo's Typesafe Cult)
Created by Jimmy Page on 12/27/2024 in #questions
JWT with long-lived Refresh Tokens
Ya all make sense, perfect. BUT, if an actor is that proficient that he can get/steal your access token (that is short-lived), how hard would it be for him to steal the refresh token? I think Google's access token lifespan is 1h, so a person just has to sniff your network for 1.01h at max to get your refresh token also, then you're f*ed 🥲.
76 replies