JWT and OAuth for multiple devices?

How JWT and OAuth work separately, I can imagine. But how do I combine them and still keep the ability to work with multiple devices? The way I see it:

1. The client generates an ID for the device: **DeviceId**
2. It sends **DeviceId**, **Login**, **Password** to the server
3. The server generates **AccessToken**, **RefreshToken** and stores them together with **DeviceId** to distinguish between sessions on different devices.

Then the questions:

1. In this case, what are the tokens: random hashes, or a JWT with some payload inside?
2. Do you need to save the **AccessToken** in the database? Or does it keep a JWT of the authorized user, with only the **RefreshToken** being saved?
3. What about the compromise of a token on one of the devices? When an attacker uses the **RefreshToken**, is the user logged out on that device only, or is there only one **RefreshToken** per user, so that once a new pair is generated for the **AccessToken** on one of the devices, all devices will be logged out?

How is this done properly? Who has experience implementing it?
June 3rd 19 at 19:30
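
The scheme from steps 1 to 3, sketched as an added example that is not part of the original post. It assumes the Login/Password check has already passed, an HS256-signed JWT as the AccessToken, an opaque random RefreshToken stored only as a hash per (Login, DeviceId), and an in-memory dict in place of a database. All function names, the `did` claim and the TTL are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # demo signing key (assumption: one server, HS256)
ACCESS_TTL = 300                  # access token lifetime in seconds (assumed value)
sessions = {}                     # (login, device_id) -> sha256 of the current refresh token

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(msg: str) -> str:
    return _b64(hmac.new(SECRET, msg.encode(), hashlib.sha256).digest())

def issue_pair(login, device_id, now=None):
    """Step 3: stateless JWT access token plus an opaque refresh token stored per device."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": login, "did": device_id, "exp": now + ACCESS_TTL}).encode())
    access = f"{header}.{claims}.{_sign(header + '.' + claims)}"
    refresh = secrets.token_urlsafe(32)
    sessions[(login, device_id)] = hashlib.sha256(refresh.encode()).hexdigest()
    return access, refresh

def verify_access(token, now=None):
    """Check signature and expiry only, with no database lookup. Returns claims or None."""
    now = int(time.time()) if now is None else now
    try:
        header, claims, sig = token.split(".")
    except ValueError:
        return None
    expected = _sign(header + "." + claims)  # always HS256; the header's alg is not trusted
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    data = json.loads(base64.urlsafe_b64decode(claims + "=" * (-len(claims) % 4)))
    return data if data["exp"] > now else None

def refresh_pair(login, device_id, refresh):
    """Rotate the pair for one device; sessions on other devices are untouched."""
    stored = sessions.get((login, device_id))
    offered = hashlib.sha256(refresh.encode()).hexdigest()
    if stored is None or not hmac.compare_digest(stored, offered):
        return None  # unknown, revoked or already-rotated refresh token
    return issue_pair(login, device_id)

def revoke_device(login, device_id):
    """End the session on one device, e.g. after its token was compromised."""
    sessions.pop((login, device_id), None)
```

In this sketch a revoked device can still use its last AccessToken until `exp`, since access tokens are never looked up in storage.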
