I've got an instance of IdentityServer4, an Angular SPA, a webserver, and an API service on another network. What are the security implications of having a JWT that is stored on the client side, and used to authenticate to the webserver calls and passed down to the API service for auth as well? The SPA never calls the API service directly, everything is proxied through the webserver. Is there another preferred mechanism for this?
Sharing of JWT Tokens
1.6k Views Asked by Darthg8r At
There are 1 best solutions below
This is a really good answer to this perennial question about access tokens stored somewhere in the client-side JS application: https://stackoverflow.com/a/41189419/1395123