API Authorization Resources
- https://auth0.com/blog/5-steps-to-add-modern-authentication-to-legacy-apps-using-jwts/
- https://auth0.com/docs/quickstart/backend/django
- https://nordicapis.com/decouple-user-identity-from-api-design-to-build-scalable-microservices/
- OAuth Scopes on a platform
- OAuth RFC
- Where to store tokens in the browser?
  - https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage
  - https://auth0.com/docs/security/store-tokens
  - https://dev.to/rdegges/please-stop-using-local-storage-1i04
  - Store JWT tokens in cookies
    - protect against CSRF attack
    - set secure=true, httpOnly, SameSite=strict
    - note: max size of a cookie is only 4kb
  - Storing in HTML5 storage is vulnerable to XSS attacks by JS running from the same domain
- API Authorization Notes
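The cookie notes above in working form, as an added example that is not code from any of the linked articles or libraries: a login response issues the JWT as a Secure + HttpOnly + SameSite=Strict cookie, pairs it with a readable CSRF token cookie (double-submit pattern), refuses JWTs that would blow the cookie size limit, and the request side checks the CSRF token on state-changing methods. It uses only the Python standard library; the cookie names, the header name, the size margin and the JWT value are constructed placeholders, not anything prescribed by the sources.

```python
"""Added example, not from the page's sources: hardened JWT cookie issue and check.
Cookie/header names, the size margin and the sample JWT are constructed placeholders.
"""
import hmac
import secrets
from http.cookies import SimpleCookie
from typing import Optional

COOKIE_LIMIT = 4096            # browsers cap a single cookie at roughly 4 KB
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
JWT_COOKIE = "access_token"    # hypothetical cookie name
CSRF_COOKIE = "csrf_token"     # hypothetical cookie name
CSRF_HEADER = "X-CSRF-Token"   # hypothetical request header name


def build_set_cookie_headers(jwt: str, csrf_token: str, max_age: int = 3600) -> list:
    """Return the Set-Cookie header values for a login response.

    The JWT cookie is Secure + HttpOnly + SameSite=Strict: page scripts cannot
    read it (limits XSS token theft) and browsers do not attach it to cross-site
    requests (limits CSRF).  The CSRF cookie is deliberately NOT HttpOnly, because
    the page's own JS must read it and echo it back in a header.
    """
    if len(jwt) > COOKIE_LIMIT - 256:   # leave room for the name and attributes
        raise ValueError("JWT too large for one cookie; trim the claims")
    jar = SimpleCookie()
    jar[JWT_COOKIE] = jwt
    jar[JWT_COOKIE]["secure"] = True
    jar[JWT_COOKIE]["httponly"] = True
    jar[JWT_COOKIE]["samesite"] = "Strict"
    jar[JWT_COOKIE]["path"] = "/"
    jar[JWT_COOKIE]["max-age"] = max_age
    jar[CSRF_COOKIE] = csrf_token
    jar[CSRF_COOKIE]["secure"] = True
    jar[CSRF_COOKIE]["samesite"] = "Strict"
    jar[CSRF_COOKIE]["path"] = "/"
    # OutputString() renders "name=value; Attr; Attr=..." without the header name
    return [morsel.OutputString() for morsel in jar.values()]


def authorize_request(method: str, headers: dict) -> Optional[str]:
    """Return the JWT carried in the request cookie, or None to reject the request.

    State-changing methods must also carry a header equal to the CSRF cookie.
    SameSite=Strict already keeps browsers from sending the cookie cross-site;
    the double-submit comparison is defence in depth for clients that ignore it.
    Header keys are matched exactly here; real frameworks give case-insensitive access.
    """
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    if JWT_COOKIE not in jar:
        return None
    if method.upper() not in SAFE_METHODS:
        sent = headers.get(CSRF_HEADER)
        if CSRF_COOKIE not in jar or sent is None:
            return None
        # constant-time comparison so the check leaks nothing about the token
        if not hmac.compare_digest(jar[CSRF_COOKIE].value, sent):
            return None
    return jar[JWT_COOKIE].value


if __name__ == "__main__":
    # Constructed JWT-shaped value; the signature segment is just base64("signature").
    jwt = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.c2lnbmF0dXJl"
    csrf = secrets.token_urlsafe(32)
    for value in build_set_cookie_headers(jwt, csrf):
        print("Set-Cookie:", value)
    cookie = f"{JWT_COOKIE}={jwt}; {CSRF_COOKIE}={csrf}"
    print(authorize_request("POST", {"Cookie": cookie, CSRF_HEADER: csrf}) == jwt)  # True
    print(authorize_request("POST", {"Cookie": cookie}))                            # None
```

Run it directly to see the two Set-Cookie lines; the JWT cookie carries `HttpOnly; ...; SameSite=Strict; Secure`, the CSRF cookie carries the same minus `HttpOnly`. The size guard is what the 4 KB note is about: a JWT with many claims can exceed a single cookie, so keep the token lean rather than splitting it across cookies.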