by nimvlaj30
1662 days ago
There are two ways (that I'm aware of) of doing auth: JWT tokens or storing sessions in a database. Sessions in a database are probably the most secure way. But I'm working with a React SPA, so I'm using JWT tokens. I've only had brief familiarity with using Amazon Cognito for work. Pain points are that I'm not sure how secure storing JWT tokens in the browser's localStorage is. I briefly looked into HTTP-only cookies, but it seems more difficult to set, and also not really worth it? It seems that CSRF and XSS vulnerabilities remain an unsolved problem. If you want to improve on something in that space, I'd say security is the major area to do it in. Seriously, I'd put up with more technical pain than AWS Amplify's JavaScript library is giving me just to guarantee that the application is secure.
What you're talking about is a big problem as well. Yet we'd like to have a Stripe-like solution in the authorization space.
One part of that would be security as well.