Security implications of using the current session to mint new access tokens
I saw a setup recently where frontend and resource servers were hosted on subdomains of the same second level domain. E.g. ui.example.com and api.example.com.
It had an interesting authentication flow that seemed like a variant of the refr… Continue reading Security implications of using the current session to mint new access tokens