Problem Description:

Using the implicit flow is nice, but that does not give you a refresh token by default. The problem to be solved is that for a tool like zign, the client using the secure authorization_code flow (RFC 6749 Section 4.1) must be provisioned to each user. In doing so you are exposing the secret of the client, rendering the authentication towards the OAuth 2.0 provider kind of useless. You can however use an access token of a user to create a new client which is then bound to the employee, increasing not only the security of the refresh token out in the wild, but also tying the refresh token much closer to the individual user, effectively personalizing a client just for that particular user.

Note: refresh tokens are bound to a client and can only be refreshed with the proper client.
Process Idea
1. Install zign
2. Configure zign (endpoints)
3. Request an access token via the client using the implicit flow (returns access_token)
4. Use the access_token to create a client supporting auth_code (returns client)
5. Zign uses its config to place the received client in the config dir
6. Zign initiates the auth_code flow by opening the browser and requesting a code
7. The returned code is used to retrieve an access_token and refresh_token
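Steps 4 to 7 of the process idea, written out as an added example (not zign's own code): the implicit-flow token registers a per-user client, the client is stored 0600 in the config dir, and the authorization_code exchange and later refresh are both authenticated with that same client. The endpoints, the client-registration API and its JSON shape, the redirect URI and the injected `post(url, headers, body)` HTTP helper are all assumptions, since the issue names none.

```python
import json
import os
import secrets
import stat
from urllib.parse import urlencode

# Hypothetical endpoints and redirect URI (assumption: the issue names none).
CLIENT_API = "https://clients.example.invalid/clients"
AUTHZ_URL = "https://auth.example.invalid/oauth2/authorize"
TOKEN_URL = "https://auth.example.invalid/oauth2/access_token"
REDIRECT_URI = "http://localhost:8081/callback"

def create_user_client(access_token, post):
    """Step 4: the implicit-flow access_token registers a client bound to this
    user. post(url, headers, body) is injected and returns the decoded JSON."""
    headers = {"Authorization": "Bearer " + access_token}
    body = {"grant_types": ["authorization_code", "refresh_token"],
            "redirect_uris": [REDIRECT_URI]}
    return post(CLIENT_API, headers, body)

def store_client(client, config_dir):
    """Step 5: write the client to the config dir with mode 0600 so the secret
    is readable only by this user; returns (path, mode actually on disk)."""
    path = os.path.join(config_dir, "client.json")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(client, fh)
    return path, stat.S_IMODE(os.stat(path).st_mode)

def build_authorize_url(client):
    """Step 6: URL for the browser; the random state must match on callback."""
    state = secrets.token_urlsafe(16)
    query = urlencode({"response_type": "code", "client_id": client["client_id"],
                       "redirect_uri": REDIRECT_URI, "state": state})
    return AUTHZ_URL + "?" + query, state

def exchange_code(client, code, post):
    """Step 7: RFC 6749 section 4.1.3 token request, authenticated with the
    per-user client; the refresh_token it returns is bound to that client."""
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": client["client_id"],
            "client_secret": client["client_secret"]}
    return post(TOKEN_URL, {}, form)

def refresh(client, refresh_token, post):
    """Later refreshes must present the same client the token was issued to."""
    form = {"grant_type": "refresh_token", "refresh_token": refresh_token,
            "client_id": client["client_id"],
            "client_secret": client["client_secret"]}
    return post(TOKEN_URL, {}, form)
```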