Hero Banner

Secure Application Model

Learn and ask questions on how to implement secure application model

Level 1 Contributor

Security Requirements for Refresh Token Storage

What qualifies as "Secure Storage" for refresh tokens under the requirements? Documentation only references Azure Key Vault, but are other storage methods allowed?

Level 4 Contributor

In my openion, you can use any storage from where you can securely read/store your refresh token, it can be any key storage service provided by any public cloud (like AWS KMS).It can be any secret management solutions.


best is not to store on same system where you are using it.