by hdhzy
3270 days ago
Client certificates don't work in http2. If you use due diligence and store them in secure hardware, then they could be a lot more secure than bearer tokens (cannot be exported), but I guess most people would just store a PKCS#12 file on disk, and that'd make them as secure as a bearer token. On the other hand, some companies use them even for browser clients for passwordless authentication.