Collaborate Disseminate
I am tasked with moving away from implicit flow in a SPA. It is a basic solution consisting of a react SPA and a .net API, on the same domain. This web app is a case management solution that deals with medical data, running in a private ne… Continue reading Session/cookie expire time, match access token or refresh token from AD?
There is really not that great information on what the best practices are for auth in SPA/API solutions. Most of them just say use JWTs and auth code flow in the SPA. There is a ton of information regarding auth in a SPA where you are requ… Continue reading Best practises regarding authentication in SPA/API solutions with SSO
We are retrieving external users using OpenID with the PKCE flow. We are using the JWT returned from the auth server to authenticate the user. If it is valid, we extract the subject field from the token and use it as an ID in our users tab… Continue reading Can I store subject from a JWT from an external auth server in my DB?
I’m building a Spring app and a React app which also contains Chat functionality. I use WebSocket with RabbitMQ as message broker.
I store the chat history as encrypted messages with AES, and before I send them to the client, I decrypt t… Continue reading Can GET Requests with Spring Rest controllers be intercepted by attackers?