What information about the relationship is retained by the authorization server?

anlexN · August 17, 2023, 1:03pm

I am fresh man, and reviewing docs step by step.

Authorization Code Flow with Proof Key for Code Exchange (PKCE)

and I wonder where information about the relationship should be retained? authorization server memory? cache database (like Redis)? or persistent database (like PostgreSql)?

If it is persistent database, I think I should create a table and insert your says information like this, right?

access_token	refresh_token
eyJz93a…k4laUWw	GEbRxBN…edjnXbL

But the previous Refresh Token is invalidated, I should delete table row for GEbRxBN...edjnXbL, I think no information is retained by the authorization server.

Could it be that new access token and new refresh token, my new table row, your says information?

tyf · August 17, 2023, 10:26pm

Hey there @anlexN !

The authorization server as it’s referred to in the but you pointed out is referring to Auth0 - You don’t need to do anything to store information about the relationship

anlexN · August 18, 2023, 2:55am

@tyf, @dan.woda @James.Morrison @rueben.tiow @lihua.zhang So Auth0 by itself, how to store information about the relationship? like my demonstrated idea?

tyf · August 24, 2023, 12:51am

Hey @anlexN sorry for the delayed response on this one!

Yes, this is correct - When a refresh token rotation occurs the previous information is replaced by the new info.

anlexN · August 24, 2023, 1:58am

the new info only have access token and refresh token’s relationship
and this info is stored in persistent database (like PostgreSQL),
right?

system · September 7, 2023, 1:58am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.