IssuedRefreshToken의 tokenValue 암호화

https://www.rfc-editor.org/rfc/rfc6819#section-4.5.2

### Threat: Obtaining Refresh Token from Authorization Server Database

>   This threat is applicable if the authorization server stores refresh
   tokens as handles in a database.  An attacker may obtain refresh
   tokens from the authorization server's database by gaining access to
   the database or launching a SQL injection attack.
Impact: Disclosure of all refresh tokens.

#### Countermeasures:

-  Enforce credential storage protection best practices ([Section 5.1.4.1](https://www.rfc-editor.org/rfc/rfc6819#section-5.1.4.1)).
-  Bind token to client id, if the attacker cannot obtain the required id and secret ([Section 5.1.5.8](https://www.rfc-editor.org/rfc/rfc6819#section-5.1.5.8)).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

IssuedRefreshToken의 tokenValue 암호화 #2

Threat: Obtaining Refresh Token from Authorization Server Database

Countermeasures:

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

IssuedRefreshToken의 tokenValue 암호화 #2

Description

Threat: Obtaining Refresh Token from Authorization Server Database

Countermeasures:

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions