OAuth access token and page refreshes
I can see OAuth working well for a fully Ajaxified application, as the
local JS code can always replay the Bearer token to the server. However,
what happens if we have a page refresh? In that case I assume we lose the
token and then go back through the OAuth redirect process to get yet a new
access token issued. Is this correct, and are there patterns to avoid
this, such as storing the access token in HTML5 local storage?
No comments:
Post a Comment