https://community.spotify.com/t5/Spotify-for-Developers/PKCE-refresh-token-storage/m-p/5824678#M12315 <P>I'm currently building a SPA that communicates with the Spofity API using the Authorization Code with PKCE Flow.<BR /><BR /></P><P>How do I safely store the refresh token so the user won't need to grant authorization everytime it uses the application? My worriy is that if I use the browser's local storage, a malicious third party might manage to get access to the refresh token, and be able to generate an access token form it.</P> Fri, 19 Jan 2024 03:05:36 GMT Vitorgus 2024-01-19T03:05:36Z https://community.spotify.com/t5/Spotify-for-Developers/PKCE-refresh-token-storage/m-p/5824678#M12315 <P>I'm currently building a SPA that communicates with the Spofity API using the Authorization Code with PKCE Flow.<BR /><BR /></P><P>How do I safely store the refresh token so the user won't need to grant authorization everytime it uses the application? My worriy is that if I use the browser's local storage, a malicious third party might manage to get access to the refresh token, and be able to generate an access token form it.</P> Fri, 19 Jan 2024 03:05:36 GMT https://community.spotify.com/t5/Spotify-for-Developers/PKCE-refresh-token-storage/m-p/5824678#M12315 Vitorgus 2024-01-19T03:05:36Z