Friday 24 January 2020

How do you store oauth token?

I am learning to build an Express-based app. Here's what I did: I created an OAuth flow to access data. After getting the auth token, I made a request to that service and, as expected, I did receive the data, but when I made the same request with another browser, those auth tokens were accessible to everyone. According to my code, if I get tokens and store them in a variable, then they are accessible to all upcoming users. I want to know how you guys perform this task. Do you store it in a DB, then get data from client headers and verify it, or store the tokens in client headers? Please let me know a process flow which is more suitable and secure.

Submitted January 24, 2020 at 07:29AM by ExhaustedWildcat
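
The behaviour described in the post, next to a per-session alternative, as an added example that is not part of the original post: a module-level variable holds one token for the whole process, while a server-side map keyed by a random session ID keeps each browser's token separate. It uses plain Node.js rather than Express so it runs on its own; every function name, the `sid` cookie name and the sample token are assumptions made for illustration.

```javascript
// Added example (not from the post); all names here are hypothetical.
const { randomBytes } = require("node:crypto");

// Pattern from the post: one variable shared by every request in the process.
let sharedToken = null;
function callbackShared(token) { sharedToken = token; }
function tokenForRequestShared(_req) { return sharedToken; } // ignores who is asking

// Per-session pattern: the token stays on the server, keyed by an opaque session ID.
const sessions = new Map(); // sid -> { accessToken, expiresAt }

function parseCookies(header = "") {
  const out = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Called from the OAuth callback; returns the Set-Cookie value for this browser.
function callbackPerSession(token, ttlMs = 3600000, now = Date.now()) {
  const sid = randomBytes(32).toString("hex"); // unguessable, carries no token data
  sessions.set(sid, { accessToken: token, expiresAt: now + ttlMs });
  return `sid=${sid}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Looks up the token for the browser that sent this request, or null.
function tokenForRequest(req, now = Date.now()) {
  const sid = parseCookies(req.headers.cookie).sid;
  const entry = sid ? sessions.get(sid) : undefined;
  if (!entry) return null;
  if (entry.expiresAt <= now) { sessions.delete(sid); return null; }
  return entry.accessToken;
}

// Constructed scenario: browser A logs in, browser B never does.
function demo() {
  callbackShared("token-alice");
  const leaked = tokenForRequestShared({ headers: {} }); // B gets A's token
  const cookieA = callbackPerSession("token-alice").split(";")[0];
  const a = tokenForRequest({ headers: { cookie: cookieA } });
  const b = tokenForRequest({ headers: {} });
  const forged = tokenForRequest({ headers: { cookie: "sid=" + "0".repeat(64) } });
  return { leaked, a, b, forged };
}
```

In an Express app, session middleware such as `express-session` fills the role of the `sessions` map and cookie handling, with the token stored on `req.session`.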
