From the course: Microservices: Security
Token maintenance and protection
- [Instructor] After a token has been issued, a few maintenance activities may take place before the token reaches its end of life. To help manage these activities, the identity and access management platform may add some token management features that are optional or not completely defined for authorization servers in the OAuth specification. In the best-case scenario, a token is used for appropriate access by a client until it reaches its expiration date. At this point, it no longer can be used for access to a microservice. This is typically achieved by setting an expires in claim on the access token or storing information regarding its expiration date. In general, it is best to keep the access token short-lived, so that if it were to be compromised, it doesn't provide access for a long period of time. In some scenarios, clients may be provided with a refresh token that allows them to obtain a new access token without…