Auth0 Home Blog Docs

Public client configuration

#1

Dear Auth0 Community,

I have read the documentation recommended by you about storing Refresh Tokens securely in a client application (mobile app).

What I want to know is how to configure the Auth0 (in general terms, then I will read the documentation and try to do it but I need you to point me in the right direction) in order to make that application isoleted. I mean, if the Refresh Token is stolen from the app (or in the communication) the only compromised thing is the particular user (that was logged in) with the application that he was using but avoid the attacker to use that Refresh Token to consume services or login in another clients (applications).

As far as I understand, that Refresh Token will identify that user with a particular client but I don´t know if I have to make some Rules or different Connections to make each Refresh Token just to be useful for a particular user connecting from a particular client (Public as the app or not).

Thank you very much for your support and congratulations for Auth0, it´s really a great platform!