What information about the relationship is retained by the authorization server?

I am fresh man, and reviewing docs step by step.

Authorization Code Flow with Proof Key for Code Exchange (PKCE)

and I wonder where information about the relationship should be retained? authorization server memory? cache database (like Redis)? or persistent database (like PostgreSql)?

If it is persistent database, I think I should create a table and insert your says information like this, right?

access_token refresh_token
eyJz93a…k4laUWw GEbRxBN…edjnXbL

But the previous Refresh Token is invalidated, I should delete table row for GEbRxBN...edjnXbL, I think no information is retained by the authorization server.

Could it be that new access token and new refresh token, my new table row, your says information?

Hey there @anlexN !

The authorization server as it’s referred to in the but you pointed out is referring to Auth0 - You don’t need to do anything to store information about the relationship :slight_smile:

@tyf, @dan.woda @James.Morrison @rueben.tiow @lihua.zhang So Auth0 by itself, how to store information about the relationship? like my demonstrated idea?

Hey @anlexN sorry for the delayed response on this one!

Yes, this is correct - When a refresh token rotation occurs the previous information is replaced by the new info.

the new info only have access token and refresh token’s relationship
and this info is stored in persistent database (like PostgreSQL),

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.