**1. Should the client or the server take more security precautions?**They sho

1. **1. Should the client or the server take more security precautions?**
2.  
3. They should both take security precautions.
4.  
5. **2. What's the difference between local storage and session storage?**
6.  
7. Local storage persists for a domain even when a tab (session) is closed. Session storage only exists for the duration of the session (when the tab remains open).
8.  
9. **3. What problem does a JWT expiry time solve?**
10.  
11. It prevents JWTs from being valid forever so that old ones can't be used if discovered.
12.  
13. **4. Is a refresh endpoint protected or public?**
14.  
15. Protected.
16.  
17. **5. What would happen if a refreshed JWT was requested with a JWT that had already expired?**
18.  
19. The middleware will throw an unauthorized error.
20.  
21. **6. What does it mean to queue a callback?**
22.  
23. To set a later time of a function to execute.
24.  
25. **7. What does the clearTimeout function do and what argument do you pass into it?**
26.  
27. It clears a setTimeout() and takes the idea of the setTimeout() as its argument.
28.  
29. **8. For which of the following events should a refresh request be queued after?**
30.  
31. - A successful user registration request
32. - A successful login request
33. - A page load
34. - A successful API request to a protected endpoint for posting a comment
35. - A successful refresh request
36. - A push state navigation event
37. - A user logs out
38.  
39. A refresh request should be queued after a successful login request and after a successful refresh request.
40.  
41. **16. What is OIDC?**
42.  
43. An industry standard protocol for authentication systems.