OAuth consumptions invalidated in TypeScript

1

I have a query in an OAuth application, and in case the access token has expired I want to automatically request a new token from the endpoint. How do I do that in the same chain of events?

That is:

  

The system requests the resource with the access token but it is rejected.

I need the same system, without the participation of the user, to request a new token from the token endpoint and, with the new one, request the resource.

This process should be transparent, just one click. Does anyone have any idea how to do that in Angular 2?

    
asked by programmercito 23.03.2017 в 17:28

2 answers

1

Good morning. After so much discussion, and after having read this link, which seems the most reasonable: link, what should be used is a cookie and also a token in sessionStorage or localStorage, which makes it invulnerable to "direct" attacks on both sides, i.e. making calls from another domain or making calls by inserting scripts, so that it is totally safe to use OAuth or other.

    
answered by 03.04.2017 / 16:51
2

If you are using OAuth, it is recommended that your service return 3 things:

  • Lifetime: to know when it expires
  • accessToken: its name says it
  • refreshToken: the refresh token allows you to request more access tokens

The refresh token has no expiration date like the access token and is generally ONE USE ONLY: once used it no longer works, unlike the access token, which you can continue using. So if the request for the new access token fails, the user will have to enter their credentials again (we will have to log in again).

Once the refresh token is used you must return the same 3 things.

What I recommend is that you save the refresh token on your application server and use ajax / $http to make a call to some endpoint (e.g. link) for the server to process the new access token with the authentication server.

The implementation of the client side varies depending on the authentication server and which OAuth library you are using.

This process, which some call the "OAuth dance", would happen every time your token expires. It is annoying, but it is designed for security after all.

    
answered by 24.03.2017 в 00:40
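
The flow described in the answer above, as an added example that is not part of the original posts: a client wrapper that retries a request rejected with 401 after asking the application server for a new access token, with no user interaction. `AuthClient`, `Transport`, `Refresher` and the in-memory backend in `demo()` are hypothetical names and constructed data; in an Angular app the transport would wrap the HTTP service and the refresher would call the application server's own refresh endpoint.

```typescript
interface Req { url: string; token: string }
interface Res { status: number; body: string }
type Transport = (req: Req) => Promise<Res>;
// Asks the application server for a new access token (the refresh token stays server-side).
type Refresher = () => Promise<string>;

class AuthClient {
  private send: Transport;
  private refresh: Refresher;
  private accessToken: string;
  private inFlight: Promise<string> | null = null;
  constructor(send: Transport, refresh: Refresher, accessToken: string) {
    this.send = send;
    this.refresh = refresh;
    this.accessToken = accessToken;
  }
  // Single-flight: concurrent 401s share one refresh call, since a one-use
  // refresh token would be rejected if it were presented a second time.
  private renew(): Promise<string> {
    if (this.inFlight === null) {
      const clear = () => { this.inFlight = null; };
      this.inFlight = this.refresh().then(
        (t) => { clear(); this.accessToken = t; return t; },
        (e) => { clear(); throw e; }, // refresh failed: caller must log in again
      );
    }
    return this.inFlight;
  }

  async get(url: string): Promise<Res> {
    const used = this.accessToken;
    const first = await this.send({ url, token: used });
    if (first.status !== 401) return first;
    // Reuse a token another request already renewed; otherwise renew now.
    const token = this.accessToken !== used ? this.accessToken : await this.renew();
    return this.send({ url, token }); // retry once; a second 401 is returned as-is
  }
}

// Constructed in-memory backend: only "tok-2" is accepted.
function demo(): Promise<{ statuses: number[]; refreshCalls: number }> {
  let refreshCalls = 0;
  const send: Transport = async (r) =>
    r.token === "tok-2" ? { status: 200, body: r.url } : { status: 401, body: "expired" };
  const refresh: Refresher = async () => { refreshCalls++; return "tok-2"; };
  const client = new AuthClient(send, refresh, "tok-1");
  return Promise.all([client.get("/a"), client.get("/b")])
    .then((rs) => ({ statuses: rs.map((r) => r.status), refreshCalls }));
}
```

Two requests that expire at the same moment trigger a single refresh call, and a failed refresh rejects the request so the caller can send the user back to the login screen.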