Should the client or the server take more security precautions? server What

1. Should the client or the server take more security precautions?
2. server
3.  
4. What's the difference between local storage and session storage?
5. session is only valid during a session, local is always valid.
6.  
7. What problem does a JWT expiry time solve?
8. a token being used after a user is no longer around. 20 minutes...20 years etc
9.  
10. Is a refresh endpoint protected or public?
11. Protected
12.  
13. What would happen if a refreshed JWT was requested with a JWT that had already expired?
14. It would not actually get refreshed, since it is already expired.
15.  
16. What does it mean to queue a callback?
17. Push the callback further back so that it does not get called.
18.  
19. What does the clearTimeout function do and what argument do you pass into it?
20. The clearTimeout() method clears a timer set with the setTimeout() method. The setTimeout id.
21.  
22. For which of the following events should a refresh request be queued after?
23.  
24. A successful user registration request
25. A successful login request - yes
26. A page load - yes
27. A successful API request to a protected endpoint for posting a comment - yes
28. A successful refresh request -yes
29. A push state navigation event - yes
30. A user logs out
31.  
32. What is OIDC?
33. This protocol enables a range of clients to securely authenticate, for example, web clients can authenticate, mobile clients
34. or even servers themselves might need to authenticate with other servers.