API Authorization Resources
- https://auth0.com/blog/5-steps-to-add-modern-authentication-to-legacy-apps-using-jwts/
- https://auth0.com/docs/quickstart/backend/django
- https://nordicapis.com/decouple-user-identity-from-api-design-to-build-scalable-microservices/
- OAuth Scopes on a platform
- OAuth RFC
- Where to store tokens in the browser?
- https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage
- Store JWT tokens in cookies
- protect against CSRF attack
- note: max size of a cookie is only 4 KB
- Storing in HTML5 storage is vulnerable to XSS attacks by JS running from the same domain
- Store JWT tokens in cookies
- https://auth0.com/docs/security/store-tokens
- https://dev.to/rdegges/please-stop-using-local-storage-1i04
- secure=true, httpOnly, SameSite=strict
- https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage
- API Authorization Notes