token-questions
Should the client or the server take more security precautions?
The server is the ultimate protector of data.
What's the difference between local storage and session storage?
Local storage lives forever until deleted; session storage lives until the browser tab is closed.
What problem does a JWT expiry time solve?
Minimizes the time a token can be used, instead of having tokens that are valid forever. Forever is a long time.
Is a refresh endpoint protected or public?
Protected.
What would happen if a refreshed JWT was requested with a JWT that had already expired?
The server would respond with a 4xx error. Having an expired JWT is just like having no JWT.
What does it mean to queue a callback?
Set up a function to run at a specific time or after a specific event.
What does the clearTimeout function do and what argument do you pass into it?
It stops a particular queued function from running. It takes a timeout id, which is the return value from setTimeout().
After which of the following events should a refresh request be queued?
A successful user registration request: YES
A successful login request: YES
A page load: YES
A successful API request to a protected endpoint for posting a comment: YES
A successful refresh request: YES
A push state navigation event: YES
A user logs out: NO
What is OIDC?
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol.