@HyunwooMoon-developer
Created January 17, 2021 21:13
Should the client or the server take more security precautions?
A) Yes, with the use of pseudonymized data, security precautions are required.
What's the difference between local storage and session storage?
A) Session storage is the same as local storage except that the data doesn't persist outside of the tab (session).
The difference between local and session storage is that while local storage is always available in any tab and window of the same machine's browser, session storage isn't.
Session storage is only available in the browser tab that the data was saved in; as soon as that tab is closed, the data is gone.
As a result, session storage gives us an extra security feature for the frontend.
What problem does a JWT expiry time solve?
A) This gives the server more control of the validity of any JWTs it creates instead of relying on the frontend client to ensure tokens aren't stolen.
Is a refresh endpoint protected or public?
A) A refresh endpoint will be a protected endpoint that responds with a new JWT and thus a new expiry time.
What would happen if a refreshed JWT was requested with a JWT that had already expired?
A) If the JWT has expired, the method will throw an error and our middleware will respond with the unauthorized error.
What does it mean to queue a callback?
A) We can set when to execute the callback.
What does the clearTimeout function do and what argument do you pass into it?
A) clearTimeout clears a setTimeout.
For which of the following events should a refresh request be queued after?
A)
1. A successful user registration request
2. A successful login request
3. A page load
4. A successful API request to a protected endpoint for posting a comment
6. A push state navigation event
7. A user logs out
What is OIDC?
A) OIDC is called OpenID Connect. It is a standard protocol for authentication systems.