/
API Authorization Resources
API Authorization Resources
- https://auth0.com/blog/5-steps-to-add-modern-authentication-to-legacy-apps-using-jwts/
- https://auth0.com/docs/quickstart/backend/django
- https://nordicapis.com/decouple-user-identity-from-api-design-to-build-scalable-microservices/
- OAuth Scopes on a platform
- OAuth RFC
- Where to store tokens in the browser?
- https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage
- Store JWT tokens in cookies
- protect against CSRF attack
- note: max size of a cookie is only 4kb
- Storing in HTML5 storage is vulnerable to XSS attacks by JS running from the same domain
- Store JWT tokens in cookies
- https://auth0.com/docs/security/store-tokens
- https://dev.to/rdegges/please-stop-using-local-storage-1i04
- secure=true, httpOnly, SameSite=strict
- https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage
- API Authorization Notes
Related content
API Authorization Notes
API Authorization Notes
More like this
Authorization
Authorization
More like this
API Authorization: Enterprise and Masters use cases
API Authorization: Enterprise and Masters use cases
More like this
API AuthN/AuthZ Thoughts
API AuthN/AuthZ Thoughts
More like this
Architecture: OAuth Scopes
Architecture: OAuth Scopes
More like this
Open edX REST API Conventions
Open edX REST API Conventions
More like this