This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
The Google Cloud Community will be in read-only from July 16 - July 22 as we migrate to a new platform; refer to this community post for more details.
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Best practices on long-lived refresh tokens?

Posted on 07-10-2017 11:48 AM
Not applicable
Reply posted on --/--/---- --:-- AM

We're thinking of bumping the lifetime of our Apigee refresh tokens from 1 day to 6 months to simulate a "always signed on" experience for our end users. What are the security best practices around such long-lived refresh tokens? (Secure cookie attributes, ReuseRefreshToken, custom theft detection and revocation, etc.?)

2 0 748
Topic Labels
0 REPLIES 0
Top Solution Authors
View all