I'm running a Node.js RESTful API where the typical response from posting to /oauth/token is the following:

    {
      "refresh_token": "eyJraWQiOiI2...",
      "token_type": "Bearer",
      "access_token": "eyJraWQiOiI2Nl...",
      "expires_in": 3600
    }
When stored locally, aren't those tokens vulnerable to being hijacked? If they were stored as HttpOnly, Secure cookies, how would I subsequently include them in the Authorization header from the client side?
via Mathieu Bertin
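The usual answer to the second question is that the client does not copy an HttpOnly cookie into the Authorization header at all (script cannot read it, which is the point); instead the server accepts the token from either place. The following is an added example, not code from the original post, showing one way an API written with Node's built-in modules might do that: issue the access and refresh tokens as HttpOnly/Secure/SameSite cookies (the refresh token path-scoped so it only travels to the refresh endpoint), resolve the bearer token from the Authorization header for non-browser clients or from the cookie for browsers, and, because cookies are attached automatically, check the Origin header on state-changing cookie-authenticated requests as a defence in depth against CSRF. The cookie names, the allowed origin and the sample tokens are constructed for the example; verifying the JWT itself (signature, expiry, audience) is a separate step that runs on the returned token.

```javascript
// Added example (not from the original post): server-side handling of
// access/refresh tokens kept in HttpOnly cookies instead of local storage.

// Constructed value for the example: the only origin allowed to make
// cookie-authenticated state-changing requests.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

// RFC 6265 cookie-octet: printable ASCII except space, DQUOTE, comma,
// semicolon and backslash. JWTs (base64url plus dots) satisfy this.
const COOKIE_VALUE_RE = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]+$/;

// Build a Set-Cookie header value. HttpOnly keeps the token away from
// document.cookie, Secure limits it to HTTPS, SameSite=Strict stops the
// browser attaching it to cross-site requests. `path` scopes where the
// browser sends it: '/' for the access token, '/oauth/token' for the
// refresh token so it never reaches ordinary API routes.
function buildTokenCookie(name, token, maxAgeSeconds, path) {
  if (!COOKIE_VALUE_RE.test(token)) {
    throw new Error('token contains characters not allowed in a cookie value');
  }
  return `${name}=${token}; Max-Age=${maxAgeSeconds}; Path=${path}; HttpOnly; Secure; SameSite=Strict`;
}

// Headers that would accompany a successful /oauth/token response.
function tokenResponseCookies(tokens) {
  return [
    buildTokenCookie('access_token', tokens.access_token, tokens.expires_in, '/'),
    // Refresh-token lifetime is a constructed value here (30 days).
    buildTokenCookie('refresh_token', tokens.refresh_token, 30 * 24 * 3600, '/oauth/token'),
  ];
}

// Parse a Cookie request header ("a=1; b=2") into an object.
function parseCookies(header) {
  const out = {};
  if (!header) return out;
  for (const part of header.split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    const key = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (key) out[key] = value;
  }
  return out;
}

// Resolve the bearer token for a request. Node lowercases header names in
// req.headers, so lookups use lowercase keys. An Authorization header, if
// present, wins; a malformed one is rejected rather than falling through.
function resolveAccessToken(headers) {
  const auth = headers['authorization'];
  if (auth !== undefined) {
    const m = /^Bearer\s+(\S+)$/i.exec(auth);
    return m ? { token: m[1], source: 'header' } : null;
  }
  const cookies = parseCookies(headers['cookie']);
  return cookies.access_token ? { token: cookies.access_token, source: 'cookie' } : null;
}

// Decide whether a request carries a usable credential. Cookie-sourced
// credentials on non-safe methods must also come from an allowed Origin,
// since the browser sends cookies without the page's involvement.
function authorizeRequest(method, headers) {
  const resolved = resolveAccessToken(headers);
  if (!resolved) return { ok: false, reason: 'no credential' };
  const safeMethod = ['GET', 'HEAD', 'OPTIONS'].includes(method.toUpperCase());
  if (resolved.source === 'cookie' && !safeMethod) {
    const origin = headers['origin'];
    if (!origin || !ALLOWED_ORIGINS.has(origin)) {
      return { ok: false, reason: 'cross-site cookie-authenticated request rejected' };
    }
  }
  // The caller verifies resolved.token as a JWT (signature, exp, aud) next.
  return { ok: true, token: resolved.token, source: resolved.source };
}

// Constructed sample: a browser request carrying the access-token cookie.
const sampleHeaders = {
  cookie: 'session_hint=1; access_token=eyJraWQiOiI2Nl.sample.payload',
  origin: 'https://app.example.com',
};
console.log(authorizeRequest('POST', sampleHeaders));
```

With this shape, browser clients simply call the API with credentials included (for example `fetch(url, { credentials: 'include' })`) and never touch the token, while mobile or server-to-server clients keep sending `Authorization: Bearer`. The Origin check is deliberately in addition to SameSite=Strict, not instead of it, since older browsers and some redirect flows do not enforce SameSite uniformly.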