I just wanted to know how Okta ensures its ID Token, Access Token and Refresh Tokens are secured and safe from token attacks such as those mentioned here?
https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html
Common Token Attacks:
• None Hashing Algorithm
• Token Sidejacking
• No Built-In Token Revocation by the User (this one I think is already handled since Okta has a token revocation endpoint)
• Token Information Disclosure
• Token Storage on Client Side
The developer may have some responsibility in this too, but I want to know which of these are handled by Okta.
Thanks,
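An added example, not Okta's code or the question author's, showing the verifier-side defence for the "None Hashing Algorithm" item in the list above: the verifier pins the accepted algorithm itself instead of trusting the token header, and then checks signature, exp, iss and aud. It assumes a constructed HMAC demo secret so it runs offline; Okta signs its tokens with asymmetric keys, so the key handling differs in practice, but the algorithm-pinning and claim checks are the same.

```python
import base64, hashlib, hmac, json, time

# Constructed demo secret so the example runs offline. Okta signs with asymmetric
# keys, so a real verifier would pin "RS256" and load the public key instead.
DEMO_SECRET = b"constructed-demo-secret-not-for-real-use"
ALLOWED_ALGS = {"HS256"}  # pinned by the verifier, never taken from the token header

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_token(claims: dict, key: bytes = DEMO_SECRET) -> str:
    """Issue an HS256-signed JWT for the constructed claims (demo issuer only)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verify_token(token: str, key: bytes, issuer: str, audience: str, now=None) -> dict:
    """Return the claims if the token is acceptable, otherwise raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Reject "none" and any algorithm the verifier did not decide on in advance;
    # the header is attacker-controlled until the signature has been checked.
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError(f"algorithm not allowed: {header.get('alg')!r}")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    now = int(time.time()) if now is None else now
    # Short-lived tokens limit the window a stolen (sidejacked) token stays usable.
    if claims.get("exp") is None or now >= claims["exp"]:
        raise ValueError("token expired or missing exp")
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        raise ValueError("issuer/audience mismatch")
    return claims
```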