Collaborate Disseminate
The existing system involves storing the bearer token in a cookie to fulfill a customer request of not only downloading an attachment within the application but also opening it in another tab. This is achieved by utilizing the client appli… Continue reading Storing bearer token in cookie for file retrieval in another tab
I’m working on a web application where a user gains access by clicking on a magic link sent to them by an internal co-worker. Upon clicking this link, the user is automatically authenticated and a session cookie is established to maintain… Continue reading Are JWT’s needed when implementing passwordless magic link authentication?
I’m currently implementing a system which consists of a collection of apps. Similar to the way Microsoft 365 consists of Word, Excel, etc.
Ideally I’d like to log in once, then navigate between apps. However, each app requires different … Continue reading OAuth2 component scopes
I just ran into something strange IMO.
I created a RSA Key using nodejs cryptoutils to use with my JWT auth server.
What I observer using jwt.io was the following:
The last letter of the signature can be changed, and the jwt is still consi… Continue reading JWT – Able to change signature and its still verified?
I have an application that I want to secure with JWT tokens. For what I have read, the common practice is to have very short lived access tokens and very long lived refresh tokens, so that when an access token is required a refresh token c… Continue reading JWT access vs refresh tokens
We’ve got an Angular app that calls APIs with JWT token authentication (so an auth token and a refresh token). Now at some point the user changes his password (while normally logged in, so not with a "reset password" logic when h… Continue reading Do you need to invalidate JWT token upon password change?
I would like to ask how I should go about securely transmitting the password between two applications. I have two projects that work with each other. The first one is a project called AuthApi, which authenticates the user and creates token… Continue reading ow do I move password securely between api and web?
I’ve been reading countless articles about login flows and what’s the best for user auth, but it’s all even more confusing now.
My scenario:
I have a simple app (capacitor spa) that has a simple username/password login. I essentially have … Continue reading Best login flow for username and password authentication
I have a matchmaking server that I’ve wanted to use for a game I’m making in the future.
My issue lies with the JWT token.
How do I go about storing dynamic values in JWT tokens efficiently? I prefer not to break the stateless part of JWT … Continue reading Dynamic values in JWT token
I’m developing a web application and I want to use token based authentication, but after implementing the feature on the server side I got stuck on trying to figure out what is the best approach to storing JWTs on the client.
I found mysel… Continue reading What’s the best approach to storing JWTs on the client