a guest Sep 18th, 2019
- 1. Both need the same level of security precautions: the client is more exposed to end-user interaction,
- while the server stores the sensitive data.
- 2. Local storage persists data across browser restarts until it is explicitly cleared, while session storage is
- scoped to a single tab or window and is cleared once the user closes it. Both are origin-scoped and readable by
- any script running on the page, so neither protects a stored token from XSS.
- 3. Setting an expiry on the JWT limits the damage when a user does not log out and leaves the browser window open:
- after the expiry period the server rejects the token even though it is still stored in the browser.
- 4. protected
- 5. Because the endpoint is protected, the server rejects a request without a valid token and answers with
- an 'unauthorized request' response (HTTP 401 Unauthorized).
- 6. It waits until a certain condition (such as a time interval elapsing) is met before the callback runs.
- 7. Clear any pending timeout by passing the stored _timeoutId to clearTimeout.
- 8. 2, 5
- 9. OpenID Connect
- OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol.
- It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server,
- as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
- It also allows clients of all types, including web-based, mobile and JavaScript clients, to request and receive
- information about authenticated sessions and end-users.
- The specification suite is extensible, allowing participants to use optional features such as encryption of identity data,
- discovery of OpenID Providers, and session management, when it makes sense for them.