I think I am missing something, but it seems to me that when you try an endless amount of random UUIDs at the refresh-token endpoint, at some point you get a JWT of a random user?
Probably this is secure because guessing a random UUID is almost impossible.
But why can it be saved unencrypted to a database while you would save a password hashed? Because if your database is compromised you can log in with it?
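
An added example, not part of the original issue and not this project's code: a sketch of storing only a digest of the refresh token, so that a leaked table cannot be replayed at the endpoint, plus the guessing estimate the question raises. `RefreshTokenStore`, `token_digest` and `expected_guesses` are hypothetical names, and the in-memory dict stands in for the database table.

```python
import hashlib
import uuid


def token_digest(token: str) -> str:
    # A random UUID is already high-entropy, so unlike a password it needs
    # no salt or slow KDF: a plain SHA-256 digest is enough, and being
    # deterministic it can still serve as the lookup key.
    return hashlib.sha256(token.encode("ascii")).hexdigest()


class RefreshTokenStore:
    """Hypothetical store: maps digest -> user id, never the raw token."""

    def __init__(self):
        self.rows = {}  # stands in for a database table

    def issue(self, user_id: str) -> str:
        token = str(uuid.uuid4())  # 122 random bits, as in the question
        self.rows[token_digest(token)] = user_id
        return token  # the raw value goes only to the client

    def redeem(self, presented: str):
        # The server hashes whatever is presented and looks that up, so a
        # digest copied out of the table hashes to something else and fails.
        return self.rows.get(token_digest(presented))


def expected_guesses(live_tokens: int, random_bits: int = 122) -> float:
    # Average number of uniformly random guesses needed to hit any one of
    # the currently valid tokens.
    return 2 ** random_bits / live_tokens


if __name__ == "__main__":
    store = RefreshTokenStore()
    token = store.issue("alice")  # constructed sample user
    print("client token redeems to:", store.redeem(token))
    for stolen in store.rows:  # what a database dump would reveal
        print("dumped digest redeems to:", store.redeem(stolen))
    print("expected guesses with 1e6 live tokens: %.2e" % expected_guesses(10**6))
```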