Refresh Token
A long-lived credential issued alongside an access token that allows the client to obtain new access tokens without requiring the user to re-authenticate. Refresh tokens must be stored securely, as their compromise grants persistent access. Best practices include refresh token rotation (issuing a new refresh token on each use and invalidating the old one) and binding tokens to client identity to limit their usability if stolen.
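The rotation and client-binding practices described above, as an added in-memory illustration that is not code from the original page: every refresh token is bound to the client it was issued to, each use rotates it, and presenting an already-rotated token is treated as a sign of theft that revokes the whole token family. The service, record and family names are this example's own assumptions.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass
class RefreshRecord:
    user: str
    client_id: str   # the client this refresh token is bound to
    family: str      # all tokens descended from one login share a family
    used: bool = False


class TokenService:
    """Illustrative refresh-token rotation with reuse detection (not production code)."""

    def __init__(self) -> None:
        self._refresh: Dict[str, RefreshRecord] = {}
        self._revoked_families: Set[str] = set()

    def login(self, user: str, client_id: str) -> Tuple[str, str]:
        # A fresh login starts a new token family.
        return self._issue(user, client_id, secrets.token_hex(8))

    def _issue(self, user: str, client_id: str, family: str) -> Tuple[str, str]:
        access = secrets.token_urlsafe(32)   # stand-in for a short-lived access token
        refresh = secrets.token_urlsafe(32)
        self._refresh[refresh] = RefreshRecord(user, client_id, family)
        return access, refresh

    def refresh(self, refresh_token: str, client_id: str) -> Optional[Tuple[str, str]]:
        rec = self._refresh.get(refresh_token)
        if rec is None or rec.family in self._revoked_families:
            return None
        if rec.client_id != client_id:
            return None   # presented by a client other than the one it was bound to
        if rec.used:
            # A rotated token was presented again: either the legitimate client
            # or a thief holds a stale copy, so revoke the entire family.
            self._revoked_families.add(rec.family)
            return None
        rec.used = True   # rotate: the old token is now invalid
        return self._issue(rec.user, client_id, rec.family)
```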