How to implement GitHub OAuth2 in a FARM stack app the secure way?


I am trying to implement GitHub authentication on my stack (FastAPI, React).

  • The user gets a homepage with a 'start' button.
  • The button triggers a redirect to GitHub authorize.
  • GitHub sends a code for authentication which I send to my API, which posts to https://github.com/login/oauth/access_token with the client_id and secret_key. Then the API returns an access_token to the frontend.
  • The frontend stores the token in localStorage.
  • The frontend uses localStorage.getItem('accesstoken') to send requests to the API.

My problem is that this flow seems not very secure. The token is visible in the Inspect > Application tab in my browser. My question is: should I hash it and keep it in localStorage, or should I store it in the database?

I tried to read from FastAPI docs but it’s not specific to my issue since I am more confused about React’s role in this.


Abdeljalil Yahya is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
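The backend half of the flow described in the question, written out as an added example (this is not the asker's code and not FastAPI's or GitHub's own library code). It is framework-agnostic, stdlib-only Python so it runs offline; the two GitHub URLs are the real ones named in the question, everything else (the function names, the `SessionStore` class, the `session` cookie name, the constructed `gho_...` token and `constructed-code` values used in comments) is assumed for illustration. The point it demonstrates is the "store it server-side" option the question raises: the access token is exchanged and kept on the API side, and the browser only ever receives an opaque, HttpOnly session cookie, so there is nothing for the Application tab or a script to read. It also carries the `state` parameter of the authorize step so a callback that did not originate from this app's redirect is rejected.

```python
import hmac
import json
import secrets
import urllib.parse
import urllib.request
from http.cookies import SimpleCookie

# Real GitHub endpoints (the token URL is the one named in the question).
GITHUB_AUTHORIZE_URL = "https://github.com/login/oauth/authorize"
GITHUB_TOKEN_URL = "https://github.com/login/oauth/access_token"


def generate_state() -> str:
    """Unguessable per-login value. Keep it in the user's pre-login session
    and compare it against the `state` GitHub echoes back on the callback."""
    return secrets.token_urlsafe(32)


def build_authorize_url(client_id: str, redirect_uri: str, state: str,
                        scope: str = "read:user") -> str:
    """Step 1 of the flow: the URL the 'start' button redirects to.
    Only the public client_id goes here; the secret never leaves the API."""
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "state": state, "scope": scope}
    return GITHUB_AUTHORIZE_URL + "?" + urllib.parse.urlencode(params)


def _default_post(url: str, data: dict, headers: dict) -> dict:
    """Real HTTP POST using only the stdlib. Callers (and tests) may inject a
    replacement so no network call is made."""
    body = urllib.parse.urlencode(data).encode()
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode())


class SessionStore:
    """Server-side store mapping an opaque session id to the GitHub token.
    A dict stands in for the database/Redis a real deployment would use
    (hypothetical helper, not part of FastAPI)."""

    def __init__(self):
        self._sessions = {}

    def create(self, access_token: str) -> str:
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = access_token
        return session_id

    def token_for(self, session_id: str):
        return self._sessions.get(session_id)

    def destroy(self, session_id: str) -> None:
        self._sessions.pop(session_id, None)


def handle_callback(code: str, returned_state: str, expected_state: str,
                    client_id: str, client_secret: str, store: SessionStore,
                    post=_default_post):
    """Step 3 of the flow, the part a FastAPI callback route would call.
    Verifies `state`, exchanges `code` for a token, keeps the token server-side
    and returns (session_id, Set-Cookie header value) for the response."""
    if not (returned_state and expected_state
            and hmac.compare_digest(returned_state, expected_state)):
        raise ValueError("state mismatch: callback did not originate from our redirect")
    payload = post(
        GITHUB_TOKEN_URL,
        {"client_id": client_id, "client_secret": client_secret, "code": code},
        {"Accept": "application/json"},  # ask GitHub for JSON instead of form-encoded
    )
    if "access_token" not in payload:
        raise ValueError(f"token exchange failed: {payload.get('error', 'unknown')}")
    session_id = store.create(payload["access_token"])
    # The browser gets only the opaque id: HttpOnly keeps JavaScript away from it,
    # Secure limits it to HTTPS, SameSite=Lax blocks most cross-site sends.
    cookie = f"session={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax"
    return session_id, cookie


def token_from_cookie(store: SessionStore, cookie_header: str):
    """Step 5 of the flow on the API side: resolve the incoming Cookie header
    to the stored GitHub token (None if absent or unknown). The React client
    just sends requests with credentials included; it never sees the token."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get("session")
    return store.token_for(morsel.value) if morsel else None
```

In a FastAPI app, `build_authorize_url` would back the route the 'start' button hits, `handle_callback` the redirect-URI route (setting the returned cookie on the `Response`), and `token_from_cookie` a dependency used by every protected route; the `post` parameter exists so the exchange can be unit-tested without contacting GitHub.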
