Skip to content

docs: warn against storing sensitive data in refresh token metadata#1492

Open
antonio-ortells wants to merge 1 commit into
auth0:mainfrom
antonio-ortells:docs/refresh-token-metadata-security-warning
Open

docs: warn against storing sensitive data in refresh token metadata#1492
antonio-ortells wants to merge 1 commit into
auth0:mainfrom
antonio-ortells:docs/refresh-token-metadata-security-warning

Conversation

@antonio-ortells

Copy link
Copy Markdown
Contributor

Summary

  • Adds a warning to the refresh token metadata doc clarifying it is not a secure data store and should not be used for secrets or high-risk PII (e.g. SSNs, credit card numbers).
  • Links to the GDPR compliance doc for further guidance.

Test plan

  • Preview the page to confirm the <Warning> block renders correctly

Clarifies that refresh token metadata is not a secure data store and should not hold secrets or high-risk PII.
@antonio-ortells antonio-ortells requested a review from a team as a code owner July 7, 2026 12:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant