Code & Coffee 4/8/2022
- Why so many
- Looking for
- Meeting about a service
- Dev team was attempting to create an unauthenticated service with no SSL
- Meeting was to discuss that
- How did that come to be?
- Meetings turned into Authentication and security
- Why is it acceptable to create an unauthenticated, insecure service?
- Is there training needed?
- OAuth and JWT?
- JWT / jot what are you talking about?
- It is suggested in RFC 7519 to pronounce JWT as "jot"
Is it safe to store JWT in memory?
To reiterate, whatever you do, don't store a JWT in local storage (or session storage). If any of the third-party scripts you include in your page is compromised, it can access all your users' tokens. To keep them secure, you should always store JWTs inside an httpOnly cookie.
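
Added example (not from the meeting notes): one way to issue a JWT in an httpOnly cookie, plus a check that lists the protections a Set-Cookie value is missing. The cookie name session_token, the function names and the sample token are assumptions made for illustration.

```javascript
// Added example. The cookie name and all function names are hypothetical.
// Constructed sample token (header.payload.signature), not a real credential.
const SAMPLE_JWT = 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl';

// Server side: build the Set-Cookie value that carries the JWT.
function buildTokenCookie(jwt, maxAgeSeconds) {
  return [
    `session_token=${encodeURIComponent(jwt)}`,
    'HttpOnly',        // hidden from document.cookie, so page scripts cannot read it
    'Secure',          // only sent over HTTPS
    'SameSite=Strict', // cookies are sent automatically, so limit cross-site requests
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
  ].join('; ');
}

// Review side: list the protections a Set-Cookie value is missing.
function auditSetCookie(headerValue) {
  const [pair, ...rest] = headerValue.split(';').map((s) => s.trim());
  const attrs = new Map();
  for (const a of rest.filter(Boolean)) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    attrs.set(key, i === -1 ? '' : a.slice(i + 1).toLowerCase());
  }
  const eq = pair.indexOf('=');
  const findings = [];
  if (!attrs.has('httponly')) findings.push('no HttpOnly: readable by page scripts');
  if (!attrs.has('secure')) findings.push('no Secure: can travel over plain HTTP');
  if (!['strict', 'lax'].includes(attrs.get('samesite'))) {
    findings.push('SameSite is not Strict or Lax');
  }
  return {
    name: pair.slice(0, eq),
    // Three base64url segments separated by dots: the value looks like a JWT.
    carriesJwt: /^[\w-]+\.[\w-]+\.[\w-]*$/.test(pair.slice(eq + 1)),
    findings,
  };
}

console.log(auditSetCookie(buildTokenCookie(SAMPLE_JWT, 900)));
console.log(auditSetCookie(`session_token=${SAMPLE_JWT}; Path=/`));
```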