Timeline for Where should I store OAuth2 access tokens?
Current License: CC BY-SA 4.0
10 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| S Dec 4, 2022 at 12:34 | history | suggested | Mike | CC BY-SA 4.0 | Fixed grammar; removed a bunch of unnecessary semi-colons |
| Dec 2, 2022 at 21:50 | review | Suggested edits | |||
| S Dec 4, 2022 at 12:34 | |||||
| Feb 11, 2016 at 20:01 | answer | added | Steve Sether | timeline score: 2 | |
| Feb 11, 2016 at 9:30 | history | tweeted | twitter.com/StackSecurity/status/697714290359410688 | ||
| Feb 10, 2016 at 22:36 | comment | added | Steve Sether | Also, think about how long you need your access token to be valid for. That limits how destructive the tokens leaking out would be. | |
| Feb 10, 2016 at 22:27 | comment | added | Steve Sether | I think you need to decrypt this into something more understandable. We aren't all web developers up on the latest and greatest technologies. What are you REALLY asking here? Forget about all the gobbledygook about JWT, JWE, etc. What's the real question, and who are you trying to protect against? Security is often about thinking at a higher level than all the alphabet soup. Think about data at rest, and data in transit, plaintext vs cryptotext, and secret keeping, not specific technologies. | |
| Feb 10, 2016 at 20:09 | answer | added | Chloe | timeline score: 12 | |
| Feb 10, 2016 at 12:48 | history | edited | S.L. Barth is on codidact.com | CC BY-SA 3.0 | Fixed typography, removed noise. |
| Feb 10, 2016 at 12:22 | review | First posts | |||
| Feb 10, 2016 at 12:48 | |||||
| Feb 10, 2016 at 12:15 | history | asked | Daniel | CC BY-SA 3.0 |