BCP_4_14

Refresh Token Protection

Refresh tokens are an attractive target for attackers, since they represent the overall grant a resource owner delegated to a certain client. If an attacker is able to exfiltrate and successfully replay a refresh token, the attacker will be able to mint access tokens and use them to access resource servers on behalf of the resource owner.

OAuth 2.0 Security Best Current Practice (draft 25) (SecBCP, section 4.14)

Mitigations

This threat is considered fully mitigated if all the test cases from one of the following test sets succeed.

• Set #1
• TokenEndpoint.UsesTokenRotationTest (impact factor: 14%)
• TokenEndpoint.InvalidatedRefreshTokenTest (impact factor: 1%)
• TokenEndpoint.RefreshTokenRevokedAfterUseTest (impact factor: 14%)
• TokenEndpoint.IsRefreshBoundToClientTest (impact factor: 14%)
• Tokens.RefreshTokenEntropyMinReqTest (impact factor: 14%)
• Tokens.RefreshTokenEntropySugReqTest (impact factor: 1%)
• TokenEndpoint.IsModernTlsSupportedTest (impact factor: 14%)
• TokenEndpoint.IsHttpsRequiredTest (impact factor: 14%)
• TokenEndpoint.HasValidCertificateTest (impact factor: 14%)
• Set #2
• TokenEndpoint.IsRefreshBoundToClientTest (impact factor: 50%)
• TokenEndpoint.IsRefreshAuthenticationRequiredTest (impact factor: 50%)

The impact factor is a measure that indicates how important a given countermeasure is towards mitigating a threat.

Back to the threat overview