Edge Case For Cookie Based Token Management
I have a React frontend and a Node.js backend that uses authentication via an OIDC service provider. After a user goes through the SSO authentication flow, I store the token (containing a refresh token with a 5 hr expiration) in an HttpOnly cookie with a similar expiration time. I also store a JWT token (1 hr expiration) in a cookie that’s generated by my backend so that I don’t have to keep sending the OIDC token to the service provider on every request. On every request I verify the JWT token. If the JWT token has expired, I use the OIDC refresh token to refresh the OIDC token (new access token, new id token, new refresh token) and generate a new JWT token. My web server is configured such that if the cookie containing the OIDC token is missing, it will redirect to /api/login, which will start a new SSO authentication flow.
(gvt-apex) Intermittent connectivity issues with Apexcloud
We have random API call connections to APEX Cloud, which is extremely unstable and frequently ends with failures. Those APIs are failing with frequent 447 errors.
(gvt-apex): Hitting error 446 in Apexcloud staging environment
FYI, I am following the guidelines below to call the API: passing the JWT token in the header with key ‘x-apex-jwt’ and the payload in the API request.
How to ensure role authorization safe and up to date when using JWT token?
So, I’m currently building a web app using JWT for auth with a token rotation method, where my access token refreshes its data every 5 minutes, but I stumbled across a concern about using user role information in the access token payload.
How can I create an unsigned JWT with npm jose?
I got the task of creating unsigned JWTs, which is possible by setting the alg value to none and omitting the third part, the signature of the JWT (see Create JWT token without signature?).
JSON Web Token – why is the payload public?
I can’t understand the reasoning for making the claims/payload of a JWT publicly visible after base64-decoding it.