risk of hacking tokens as String
enricjaen opened this issue
Currently tokens are stored in memory as String, which poses a risk if an intruder is able to dump the heap:
```java
import java.io.Serializable;

public class AccessGrant implements Serializable {
    // Tokens held as immutable String objects: they stay in the heap until garbage-collected
    // and cannot be overwritten by the application.
    private final String accessToken;
    private final String refreshToken;
    // ...
}
```
It is recommended to use byte or char arrays in order to handle tokens securely, so that the tokens can be nulled once they are no longer needed.
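The shape the request above asks for, as an added example that is not the project's own AccessGrant and not the issue author's code: the class name WipeableAccessGrant, the AutoCloseable wipe-on-close pattern and the sample token value are all assumptions made here for illustration. Tokens are kept as char[], defensively copied on the way in, handed out only as copies the caller must clear, and overwritten with zeros when the holder is closed.

```java
import java.util.Arrays;

/**
 * Added example (hypothetical class, not Spring Social's AccessGrant): holds OAuth tokens
 * as char[] so the application can overwrite them in place once they are no longer needed,
 * shrinking the window in which a heap dump would expose them.
 */
public final class WipeableAccessGrant implements AutoCloseable {
    private final char[] accessToken;
    private final char[] refreshToken; // may be null when the provider issues none
    private boolean wiped;

    public WipeableAccessGrant(char[] accessToken, char[] refreshToken) {
        // Defensive copies: the caller keeps ownership of its arrays and clears them itself.
        this.accessToken = accessToken.clone();
        this.refreshToken = refreshToken == null ? null : refreshToken.clone();
    }

    /** Returns a fresh copy; the caller is responsible for wiping it after use. */
    public char[] accessTokenCopy() {
        ensureLive();
        return accessToken.clone();
    }

    /** Returns a fresh copy of the refresh token, or null if there is none. */
    public char[] refreshTokenCopy() {
        ensureLive();
        return refreshToken == null ? null : refreshToken.clone();
    }

    /** Overwrites both arrays with zeros; safe to call more than once. */
    @Override
    public void close() {
        if (!wiped) {
            Arrays.fill(accessToken, '\0');
            if (refreshToken != null) {
                Arrays.fill(refreshToken, '\0');
            }
            wiped = true;
        }
    }

    public boolean isWiped() {
        return wiped;
    }

    private void ensureLive() {
        if (wiped) {
            throw new IllegalStateException("token material has already been wiped");
        }
    }

    public static void main(String[] args) {
        // Constructed sample value. In real code the chars would come straight from the
        // token-response parser; a String literal like this one stays in the constant pool
        // and is only acceptable for a demo.
        char[] raw = "constructed-sample-access-token".toCharArray();
        try (WipeableAccessGrant grant = new WipeableAccessGrant(raw, null)) {
            char[] copy = grant.accessTokenCopy();
            // ... build the Authorization header from 'copy' here ...
            Arrays.fill(copy, '\0'); // clear the working copy as soon as it has been used
        }
        Arrays.fill(raw, '\0'); // clear the original array the caller still owns
    }
}
```

Two caveats apply to this pattern. First, it only helps if every step that touches the token (response parsing, header construction, the HTTP client) also avoids creating a String from it; any such conversion produces an immutable copy the application cannot wipe, and the garbage collector may itself leave stale copies behind when it moves objects. Second, a holder that is Serializable, as the original AccessGrant is, will write the token bytes to whatever stream serializes it, so wiping the in-memory arrays does nothing for copies that have already left the heap.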