Answer the question
In order to leave comments, you need to log in
T
T
Troodi Larson2019-12-11 19:50:36
Troodi Larson, 2019-12-11 19:50:36
vuejs authorization jwt validation?
Good evening. The essence of the JWT authorization check in the route is not entirely clear. In fact, you need to check whether the token is null. But you can write something to the local storage yourself (user) through the console. In this regard, the question is: is such an authorization check enough? All uploaded data is once again checked for authorization on the back. And a passing question, is authorization enough without a refresh token?
1 answer(s)
@troodi
This token is not just used.
1) You don't force the user to log in every time the primary token expires. The token is updated without user intervention using a refresh token.
2) If your tokens are stolen - your refresh token becomes irrelevant, the site requires you to authenticate with a username and password. After successfully completing this procedure, you will be issued a new pair of tokens and a refresh token. Accordingly, the refresh token stolen from you earlier turns into a pumpkin. So when an attacker's regular token goes bad, he won't be able to get a new one.
C
coderisimo, 2019-12-12 @troodi
And a passing question, is authorization enough without a refresh token?.
This token is not just used.
1) You don't force the user to log in every time the primary token expires. The token is updated without user intervention using a refresh token.
2) If your tokens are stolen - your refresh token becomes irrelevant, the site requires you to authenticate with a username and password. After successfully completing this procedure, you will be issued a new pair of tokens and a refresh token. Accordingly, the refresh token stolen from you earlier turns into a pumpkin. So when an attacker's regular token goes bad, he won't be able to get a new one.
Similar questions
A
Z
S
E
F
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question