1. Should the client or the server take more security precautions?
Yes, the server should take more security precautions, probably from a security firm that specializes in security, to make sure no one will be stealing information from your users.
2. What's the difference between local storage and session storage?
Session storage is the same as local storage except that the data doesn't persist outside of the tab (session).
3. What problem does a JWT expiry time solve?
Some users keep their tabs open for hours, and a JWT is always valid, so a malicious party can find one from years ago and use it to access your API. Expiry time solves this issue.
4. Is a refresh endpoint protected or public?
Protected endpoint
5. What would happen if a refreshed JWT was requested with a JWT that had already expired?
If the JWT has expired, the method will throw an error and our middleware will respond with the unauthorized error.
6. What does it mean to queue a callback?
It means setting a particular time to run a function which is your callback.
7. What does the clearTimeout function do and what argument do you pass into it?
The function cancels the timeout that is currently being counted, and you pass in the ID of the timeout you want to cancel.
8. After which of the following events should a refresh request be queued?
A successful login request
A successful API request to a protected endpoint for posting a comment
A successful page load
A successful refresh request
A push state navigation event
9. What is OIDC?
This protocol enables a range of clients to securely authenticate.
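
The refresh queue from questions 5 to 8, sketched as an added example that is not part of the original answers. The names `expiryMs`, `refreshDelayMs`, `createRefreshQueue` and the 30-second leeway are assumptions, and `SAMPLE_JWT` is a constructed token with a placeholder signature.

```javascript
// Added example; all function names here are hypothetical.
// Constructed sample token: payload is {"exp":2000}, signature is a placeholder.
const SAMPLE_JWT = "eyJhbGciOiJub25lIn0.eyJleHAiOjIwMDB9.constructed-signature";

const b64urlDecode = (s) => {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  return typeof atob === "function" ? atob(b64) : Buffer.from(b64, "base64").toString("binary");
};

// Read the exp claim (seconds since epoch) for scheduling only. The client
// does not verify the signature; the server still validates every token.
function expiryMs(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const { exp } = JSON.parse(b64urlDecode(parts[1]));
  if (typeof exp !== "number") throw new Error("token has no exp claim");
  return exp * 1000;
}

// Delay before the refresh should fire, or null when the token has already
// expired: the protected refresh endpoint would answer with unauthorized.
function refreshDelayMs(jwt, nowMs, leewayMs = 30000) {
  const exp = expiryMs(jwt);
  return exp <= nowMs ? null : Math.max(0, exp - leewayMs - nowMs);
}

const defaultTimers = {
  set: (fn, ms) => setTimeout(fn, ms),
  clear: (id) => clearTimeout(id),
  now: () => Date.now(),
};

// Keeps at most one queued refresh; timers are injectable so tests can fake them.
// refresh(jwt) is assumed to return a Promise that resolves to the new token.
function createRefreshQueue(refresh, timers = defaultTimers) {
  let timeoutId = null;
  const cancel = () => {
    if (timeoutId !== null) timers.clear(timeoutId); // the ID returned by set()
    timeoutId = null;
  };
  const queue = (jwt) => {
    cancel(); // never leave two refreshes pending
    const delay = refreshDelayMs(jwt, timers.now());
    if (delay === null) return false; // expired: nothing to queue, log in again
    timeoutId = timers.set(() => {
      timeoutId = null;
      refresh(jwt).then(queue).catch(() => {}); // on failure nothing stays queued
    }, delay);
    return true;
  };
  return { queue, cancel };
}
```

Calling `queue` again with the new token, for example after a successful login or refresh, cancels the pending timer before setting the next one.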