Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
R
R
Ross Alex2020-12-10 15:08:17
OAuth
Ross Alex, 2020-12-10 15:08:17

How to store oAuth2 token without user pin?

Greetings!

There are 2 tokens from oAuth2: access and refresh. You can make AES with a salt in the form of user-pin 4 digits and put it in localStorage / IndexedDB, and then ask the user for a pin as soon as decryption is needed (if there is no decrypted access in memory). But the question is: how to protect the token if there is no pin? Request salt from the server?

Thanks for the advice

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
@
@Twitt2019-09-27 10:53:05
Do I understand correctly that Oauth is a standard, and everyone implements it differently? 1Reply
G
goju2017-05-07 17:31:28
What scope Google API to use for authorization? 1Reply
R
razer962019-10-30 09:51:54
How to properly implement the OpenID Conenct authentication scheme? 0Reply
A
alexg-nn2019-11-16 18:45:40
What if you don't need oauth2? 1Reply
O
olezhenka2017-06-20 15:32:25
How to set up Implicit Flow? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question