Challenge: Visit the Developer‑to‑Developer Hub and find a discussion or showcase that you find interesting. Interact with it by liking it or leaving a comment.
Post to complete: The link to the post + one sentence explaining why you found that specific post interesting or useful.
I really enjoyed this post by Nik on sessions and refresh tokens. It’s important to understand that there are different session layers and the responsibility a dev has when it comes to the application layer. In practice, it’s recommended to use short-lived tokens to shorten the window of opportunity for malicious users, but this introduces potential user friction since it means you have to re-authenticate more often. However, as Nik points out, refresh tokens (and token rotation) address this friction by allowing for silent authentication as long as the user’s IdP session is still valid.
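The flow described in the post above, written out as an added example (this is not code from the original post, from Nik, or from any product): an application-layer token service that mints short-lived access tokens, lets the client refresh silently, rotates the refresh token on every use, and refuses to refresh once the user's IdP session has lapsed. Everything here is assumed for illustration: the in-memory dictionaries stand in for a database, `idp_sessions` is a stand-in for asking the real IdP whether the session is still alive, the TTL constants are arbitrary, and the `demo()` function drives the lifecycle on a constructed fake clock. It also goes one step beyond the post by adding reuse detection: a refresh token that has already been rotated out and is presented again revokes its whole token family, which is the main reason rotation is worth the bookkeeping.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass

ACCESS_TTL = 300            # access tokens live 5 minutes: a small window if one leaks
REFRESH_TTL = 7 * 86400     # refresh tokens live 7 days
IDP_SESSION_TTL = 8 * 3600  # assumed lifetime of the (simulated) IdP session

class RefreshError(Exception):
    pass

@dataclass
class RefreshRecord:
    user: str
    family: str        # every token descending from one login shares a family id
    expires_at: float
    used: bool = False

def _key(token):
    # Store only a hash, so a leaked token store cannot be replayed directly.
    return hashlib.sha256(token.encode()).hexdigest()

class TokenService:
    """Application-layer session: short-lived access tokens plus rotating refresh tokens."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.idp_sessions = {}      # user -> IdP session expiry (stand-in for a real IdP)
        self.access_tokens = {}     # sha256(token) -> (user, expiry)
        self.refresh_tokens = {}    # sha256(token) -> RefreshRecord
        self.revoked_families = set()

    def login(self, user):
        """Interactive login: start the IdP session and issue the first token pair."""
        self.idp_sessions[user] = self.clock() + IDP_SESSION_TTL
        return self._issue_pair(user, family=secrets.token_hex(8))

    def _issue_pair(self, user, family):
        now = self.clock()
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access_tokens[_key(access)] = (user, now + ACCESS_TTL)
        self.refresh_tokens[_key(refresh)] = RefreshRecord(user, family, now + REFRESH_TTL)
        return access, refresh

    def validate_access(self, token):
        """Return the user for a current access token, else None."""
        entry = self.access_tokens.get(_key(token))
        if entry is None or self.clock() >= entry[1]:
            return None
        return entry[0]

    def refresh(self, refresh_token):
        """Silent re-authentication: rotate the refresh token and mint a new access token.
        Allowed only while the token is unexpired and unused, its family is not revoked,
        and the user's IdP session is still valid; raises RefreshError otherwise."""
        rec = self.refresh_tokens.get(_key(refresh_token))
        if rec is None:
            raise RefreshError("unknown refresh token")
        if rec.family in self.revoked_families:
            raise RefreshError("token family revoked")
        if rec.used:
            # A rotated-out token presented again means it leaked (or the client lost
            # the rotation response); either way, kill the family and force re-login.
            self.revoked_families.add(rec.family)
            raise RefreshError("refresh token reuse detected; family revoked")
        now = self.clock()
        if now >= rec.expires_at:
            raise RefreshError("refresh token expired")
        if now >= self.idp_sessions.get(rec.user, 0):
            raise RefreshError("IdP session ended; interactive login required")
        rec.used = True
        return self._issue_pair(rec.user, rec.family)

def demo():
    """Walk one session lifecycle on a fake clock; returns the observed outcomes in order."""
    clock = [1_700_000_000.0]                    # constructed fake clock, advanced by hand
    svc = TokenService(clock=lambda: clock[0])
    out = []
    access, refresh = svc.login("alice")
    out.append(svc.validate_access(access))      # "alice"
    clock[0] += ACCESS_TTL + 1
    out.append(svc.validate_access(access))      # None: short-lived access token expired
    access2, refresh2 = svc.refresh(refresh)     # silent re-auth, no prompt to the user
    out.append(svc.validate_access(access2))     # "alice"
    for tok in (refresh, refresh2):              # replay the old token, then its successor
        try:
            svc.refresh(tok)
        except RefreshError as e:
            out.append(str(e))
    _, refresh3 = svc.login("alice")
    clock[0] += IDP_SESSION_TTL                  # IdP session lapses
    try:
        svc.refresh(refresh3)
    except RefreshError as e:
        out.append(str(e))
    return out
```

Running `demo()` shows the three behaviours the post describes in sequence: the access token stops working after five minutes, the refresh token gets the user a new one without any prompt, and once the IdP session is gone the refresh path is closed and the user has to log in interactively again. The check order in `refresh()` matters: revoked-family and reuse checks come before the expiry checks so that a replayed token is always recorded as a reuse event rather than quietly failing as "expired".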