OAuth2 refresh token. How to keep it on the client side

There is an OAuth2 authorization server to get an access token + refresh token. As far as I understand, the access token can be stored on the client side, because it has a short life cycle. But can the refresh token be stored there? According to the information I read, there is no safe way to do this (here)

So, I have to implement a separate server service, just to save the refresh token.

Am I right? Is this the only way to keep the refresh token?

P.S. Client side: AngularJS

+4
1 answer

Yes, you are right. If you cannot authenticate with the authorization server (i.e., skip client ID and secret), you will receive only a short-term access token.

Since the Angular code is on the client, it will not be safe for it to keep your client secret. Therefore, you cannot pass your client secret to the Auth server, so you cannot authenticate.

Also, your server code will not just save the token, it will have to host the endpoint that will accept the authentication code, and then call the Auth server with this code (and your client credentials) to get the token and refresh token,

auth http , .

+1
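
The server-side endpoint described in the answer, sketched for Node.js as an added example (not code from the question or the answer). All names, URLs and the in-memory session store are assumptions made for illustration; the refresh token stays on the server and the browser receives only the short-lived access token plus an HttpOnly session cookie.

```javascript
// Added example: server-side handling of the code returned to the callback (hypothetical names).
const crypto = require('crypto');

// Constructed sample configuration; real values come from your Auth server registration.
const cfg = {
  tokenUrl: 'https://auth.example.com/oauth/token',
  redirectUri: 'https://app.example.com/callback',
  clientId: 'demo-client',
  clientSecret: process.env.CLIENT_SECRET || 'constructed-secret', // never shipped to the browser
};

const sessions = new Map(); // sessionId -> { refreshToken }; use a persistent store in production

// Build the token request (RFC 6749 section 4.1.3), authenticating the client with HTTP Basic.
function buildTokenRequest(code, c = cfg) {
  const basic = Buffer.from(`${c.clientId}:${c.clientSecret}`).toString('base64');
  return {
    url: c.tokenUrl,
    method: 'POST',
    headers: {
      Authorization: `Basic ${basic}`,
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: new URLSearchParams({
      grant_type: 'authorization_code', code, redirect_uri: c.redirectUri,
    }).toString(),
  };
}

// Keep the refresh token on the server; hand the browser only the short-lived access token.
function storeTokens(tokenResponse, store = sessions) {
  if (!tokenResponse.access_token) throw new Error('token endpoint returned no access_token');
  const sessionId = crypto.randomBytes(32).toString('hex');
  store.set(sessionId, { refreshToken: tokenResponse.refresh_token });
  return {
    cookie: `sid=${sessionId}; HttpOnly; Secure; SameSite=Strict; Path=/`,
    body: { access_token: tokenResponse.access_token, expires_in: tokenResponse.expires_in },
  };
}

// Callback endpoint logic: exchange the code, then split the result as above.
async function handleCallback(code, httpPost = (r) => fetch(r.url, r).then((x) => x.json())) {
  return storeTokens(await httpPost(buildTokenRequest(code)));
}
```

When the access token expires, the AngularJS client calls a refresh endpoint on this server, which looks up the stored refresh token by the `sid` cookie and repeats the request with `grant_type=refresh_token`.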

Source: https://habr.com/ru/post/1629575/

