Collaborate Disseminate
I’m working on a mobile application and I need to create a token-authentication workflow.
So far I’ve pointed out main token:
Token by reference, that are store in database, like (https://www.django-rest-framework.org/api-guide/authentica… Continue reading Best way to handle token authentication workflow on mobile apps
I’m working on a mobile application, using django rest-framework as backend, and I’d like to archive the maximum security possible.
Now when the user log-in with email and password I generate a token, Token Authentication from rest_framewo… Continue reading How to use TokenAuthentication in mobile apps?
I am currently working on a medium scale app and am a month into learning React. I got to the part where I need to authenticate users. I have written some code and It is working, but I don’t know is it secure enough. When my users login, … Continue reading Where to store token from auth header in React
is it safe to read the jwt token before validating it?
my colleagues are implementing a "check jwt for aud value and route accordingly".
this means that:
First payload is being read by the code of our application
Then route to t… Continue reading is it safe to read the jwt token before validating it?
Scenario
I’m working in the oAuth flow for a new app, which is currently laid out like this
A React web App
A Rails backend
FusionAuth as an Authorization server
We are using the oAuth2.0 authorization code grant flow:
To login, the brow… Continue reading When using a cookie to header CSRF protection with JWTs, how to implement refresh tokens?
I’m building an app that uses Braintree for processing payments. According to the documentation, I need a server-side endpoint that returns the clientToken, which is then used to manage a user’s vault and process payments, so I’m trying to… Continue reading Is braintree clientToken supposed to be public?
I’m developing a platform that has 2 parts:
An API written using Laravel, that integrates with the database and provided data in a restful state.
Multiple fronts that connect to the API and perform different tasks.
Laravel suggests that … Continue reading What should I worry about when attaching a token to a request manually?
Gihub removed password authentication:
remote: Please see https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information.
fatal: unable to access ‘https://github.com/…/…..git/’: The requested … Continue reading Github.com token authorisation since 13th August, impractical?
I would like to generete a token from the set [A-Za-z0-9] and place it in a url. The url will be sent via SMS so it is important to token be relatively short. What is necessery length of token to be secure?
Token is valid infinitely, token… Continue reading Generating secure and relatively short token
If I understand correctly, a JSON Web Token (JWT) can be asymmetrically signed with a special private key (JWK). At least in some common configurations, the public part of the signing key can’t be obtained via classic x.509 certificates, b… Continue reading What is the point of signing a JWT with a JWK if you need to communicate with the token issuer?