I just wanted to know how OKTA ensures its ID Token, Access Token and Refresh Tokens are secured and safe from token attacks such as those mentioned here?
Common Token Attacks:
• None Hashing Algorithm
• Token Sidejacking
• No Built-In Token Revocation by the User (this one I think is already handled since OKTA has a token revocation endpoint)
• Token Information Disclosure
• Token Storage on Client Side
The developer may have some responsibility in this too, but I want to know which of these are handled by OKTA.