Wednesday 20 February 2019

Where to store JWT?

I've been doing a lot of research on this and I can't really find a good solution to this. I think it really depends on what you want for your application, but that doesn't really help me. I'm making a small chat application using Electron and Node.js and I'm working on the authentication flow right now. I'm implementing passport.js (if you have a better suggestion please let me know, I'm open to anything) and from the research I've done you can store it in a lot of places, but it seems that people say never store it in localStorage due to XSS attacks. Storing the JWT in cookies is good because you have the option to add the secure and httpOnly options to it, which prevents such attacks. I thought that storing in the Authorization header was best because isn't that what it's there for??

Anyway, can someone lead me in the right direction? If you need more detail, here is the current implementation on GitHub: https://github.com/clink73/KibChat-Server

Thank you for the help!

Submitted February 21, 2019 at 01:00AM by Clink50
