From: Sander A. <sa....@fz...> - 2022-07-13 13:38:12
Hi Krzysztof,

the refresh token rotation mechanism would be a suitable solution for the application and it would be great to get this into unity. You might know the next question. When could it be available?

Best regards,
Sander

On Thu, 2022-07-07 at 09:58 +0200, Krzysztof Benedyczak wrote:
> Hi Sander,
>
> On 07.07.2022 at 07:46, Sander Apweiler wrote:
> > Good morning Krzysztof,
> > Good morning Roman,
> >
> > one of our connected services is a single page application using OIDC
> > with PKCE. They asked for a possibility to fetch new tokens using the
> > refresh token, without authenticating the client. Reading the
> > documentation, this is not possible.
> >
> > What is your opinion on this? Do you see another solution to their
> > problem getting new tokens without sending client credentials?
>
> So yes, as of now for public clients Unity blocks the refresh token
> flow.
>
> Enabling that is not a big deal, but essentially means that we would
> have to lift a bunch of very important security protections.
>
> When it comes to PKCE+refresh tokens use, the industry standard is to
> use one additional feature, which is called "refresh token rotation".
> This one is not that super easy to implement - not super hard either,
> but a noticeable amount of work. Surely we can put it on our roadmap if
> you have a decent use case.
>
> Best,
> Krzysztof

-- 
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...
-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Registered office: Juelich
Registered in the commercial register of the Amtsgericht Dueren, No. HR B 3498
Chairman of the Supervisory Board: MinDir Volker Rieke
Management Board: Prof. Dr.-Ing. Wolfgang Marquardt (Chairman), Karsten Beneke (Deputy Chairman), Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior
-----------------------------------------------------------------------