Redmond Magazine

Microsoft Alters Azure Active Directory Refresh Token Settings

Microsoft has changed the default settings for Azure Active Directory refresh tokens, but just for new tenancies. Refresh token expirations were causing access frustrations for end users, Microsoft ...
heise online

No Chance for Token Theft: The Backend-for-Frontend Pattern

The Backend-for-Frontend pattern addresses security issues in Single-Page Applications by moving token management back to the server. Martina Kraus has been involved in web development since her early ...
Redmond Magazine

Microsoft Previews Token Lifetime Policies for Azure Active Directory

Microsoft is previewing an Azure Active Directory capability that lets organization have better control over application access by end users. The control gets managed by specifying how long a token ...
heise online

Page 2: The Backend-for-Frontend Pattern: The Architectural Solution

Given the serious security issues with token storage in the browser, a fundamental question arises: Why even try to store access tokens securely in the frontend when you can instead leave them where ...
Dark Reading

When Good Tokens Go Bad

Tokens are an identity's crown jewel for digital authentication and authorization. Whether they are human or machine, and instantiated as API tokens, OAuth credentials, session tokens, or ephemeral ...