On Wed, Jul 14, 2010 at 8:25 AM, Andrew Arnott <[email protected]> wrote:
> Um, if the signing key is lost, you're sunk. Forget about the database,
> with the signing key you can forge your own tokens till doomsday (which will
> come much more quickly). The keys are definitely the most confidential part
> of the system, naturally.
It doesn't have to be that way. Refresh tokens can be backed by server-side state and stored as one-way hashes in a database. So no signing key involved there. And access token signing keys can be rotated quickly, so that even if they leak, you can recover quickly.

Cheers,
Brian

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
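The design Brian sketches, as an added example that is not code from the thread or from any OAuth implementation: refresh tokens are opaque random strings persisted only as SHA-256 hashes, and access tokens are HMAC-signed under a key identified by `kid`, so a leaked key can be rotated out and everything it signed stops verifying. The in-memory dictionaries, function names and HS256 token layout are assumptions made for this illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed in-memory stores standing in for the server-side database (an assumption for this example).
REFRESH_DB = {}     # sha256(refresh token) -> {"sub": ..., "revoked": bool}
SIGNING_KEYS = {}   # kid -> HMAC secret still accepted for verification
CURRENT_KID = None  # kid used to sign newly issued access tokens

def _b64(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def _unb64(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_refresh_token(sub):
    """Opaque random token; only its one-way hash is persisted, so a DB dump yields nothing usable."""
    token = secrets.token_urlsafe(32)
    REFRESH_DB[hashlib.sha256(token.encode()).hexdigest()] = {"sub": sub, "revoked": False}
    return token

def redeem_refresh_token(token):
    """Look the presented token up by its hash; no signing key is involved at all."""
    rec = REFRESH_DB.get(hashlib.sha256(token.encode()).hexdigest())
    return None if rec is None or rec["revoked"] else rec["sub"]

def rotate_signing_key():
    """Install a fresh key for new tokens; older keys stay only to verify tokens already issued."""
    global CURRENT_KID
    kid = f"k{len(SIGNING_KEYS) + 1}"
    SIGNING_KEYS[kid] = secrets.token_bytes(32)
    CURRENT_KID = kid
    return kid

def retire_signing_key(kid):
    """Drop a key once its tokens have expired, or immediately if it leaked."""
    SIGNING_KEYS.pop(kid, None)

def issue_access_token(sub, ttl=300):
    """Short-lived HS256 token carrying the kid so verifiers can pick the right key."""
    header = _b64(json.dumps({"alg": "HS256", "kid": CURRENT_KID}).encode())
    payload = _b64(json.dumps({"sub": sub, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(SIGNING_KEYS[CURRENT_KID], f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify_access_token(token):
    """Return the subject if the signature matches a still-accepted key and the token is unexpired."""
    try:
        header, payload, sig = token.split(".")
        key = SIGNING_KEYS.get(json.loads(_unb64(header))["kid"])
        if key is None:
            return None  # key rotated out: anything signed with it, leaked or not, is rejected
        expected = _b64(hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(expected, sig):
            return None
        claims = json.loads(_unb64(payload))
        return claims["sub"] if claims["exp"] > time.time() else None
    except (ValueError, KeyError, TypeError):
        return None
```

Keeping the previous key in `SIGNING_KEYS` for one access-token lifetime after rotation avoids rejecting tokens that are still valid; retiring it immediately is the recovery path when the key is known to have leaked.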
