Collaborate Disseminate
I am currently following the instructions for getting an access token on behalf of a Twilio user described here
The part that is confusing me where it seems to generate an access token then proxy it back to the client. I guess the idea is… Continue reading Is it acceptable to send an access token back to a browser client?
What is the difference between the confirmation email token, and the access token?
If possible can you provide the official name for the email confirmation token?
Continue reading Whats the difference between confirmation email token and Access token? [closed]
Imagine I host some API. Its exact function is irrelevant to the question, but it needs to have some sort of authorization put in front of it. I want to call Google’s APIs, so users can interact with their Google data, so I add the necessa… Continue reading What risks are there in using an OAuth2 access_token from an IdP that I do not control to secure an API that I do control?
This question relates to this post I made on StackOverflow recently, which I’ll recap here briefly.
I have a desktop app that I would like to authenticate through a website, using the process outlined below:
I click a "Login" b… Continue reading Creating secure website-based login for a desktop app
I’m working on a mobile application and I need to create a token-authentication workflow.
So far I’ve pointed out main token:
Token by reference, that are store in database, like (https://www.django-rest-framework.org/api-guide/authentica… Continue reading Best way to handle token authentication workflow on mobile apps
Restrictions:
Access token will be short lived (2 minutes)
Access token will be one-time use only.
Given a strong random algorithm, would it be considered good practice to generate an opaque access-token by generating 256/512 random bits… Continue reading Good practice for generating opaque access-token
is it safe to read the jwt token before validating it?
my colleagues are implementing a "check jwt for aud value and route accordingly".
this means that:
First payload is being read by the code of our application
Then route to t… Continue reading is it safe to read the jwt token before validating it?
As I understand it, the basic idea is that you have accessToken (15 minutes), and refreshToken (1 week), a few moments before the accessToken expires, you need to ask the server for a new accessToken.
If the user closed the browser before … Continue reading Refresh tokens in a web environment
I’m trying to implement authentication for users on a web page using JWT tokens and, so far, I can create users and authorize them. I’m now trying to write the password reset functionality and I think I may be finished (per any examples an… Continue reading Web password reset steps
I’m building a web app in Node.js, Express, and Mongoose. I’m worried about security and optimization issues on what to send in the email link.
I see many of them sending: /:userId/:token, but if I would insert in the link only the token i… Continue reading Reset password parameters to send