libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Replace referesh by refresh

Browse source
This commit is contained in:
Bruno Oliveira 2016-06-01 10:15:13 -03:00
parent 1177cdb3e2
commit faff58c3c8
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
topics/threat/compromised-tokens.adoc
View file

@ -9,7 +9,7 @@ might not realize they have to do this.
Another thing you can do to mitigate leaked access tokens is to shorten their lifespans. You can specify this
within the <<fake/../../sessions/timeouts.adoc#_timeouts, timeouts page>>.
Short lifespans (minutes) for access tokens for clients and applications to refresh their access tokens after a short amount of time.
If an admin detects a leak, they can logout all user sessions to invalidate these referesh tokens or set up a revocation policy.
If an admin detects a leak, they can logout all user sessions to invalidate these refresh tokens or set up a revocation policy.
Making sure refresh tokens always stay private to the client and are never transmitted ever is very important as well.
If an access token or refresh token is compromised, the first thing you should do is go to the admin console and push a not-before revocation policy to all applications.