Secure Application Model

Learn and ask questions about how to implement the Secure Application Model

Security Requirements for Refresh Token Storage

What qualifies as "Secure Storage" for refresh tokens under the requirements? Documentation only references Azure Key Vault, but are other storage methods allowed?

In my opinion, you can use any storage from which you can securely read/store your refresh token. It can be any key storage service provided by any public cloud (like AWS KMS). It can be any secret management solution.


Best is not to store it on the same system where you are using it.