Hi @aaronpk, do you know if any OAuth provider like Okta allows to set refresh tokens as HttpOnly cookie and whose token endpoint reads that cookie? Asking for a browser-based public client which can't safely store refresh tokens outside of memory otherwise.
WeChat ID
aaronpk_tv