I've got an instance of IdentityServer4, an Angular SPA, a webserver, and an API service on another network. What are the security implications of having a JWT that is stored on the client side and used to authenticate the webserver calls, and that is passed down to the API service for auth as well? The SPA never calls the API service directly; everything is proxied through the webserver. Is there another preferred mechanism for this?
1 Answer
This is a really good answer to this perennial question about access tokens stored somewhere in the client-side JS application: https://stackoverflow.com/a/41189419/1395123

Brock Allen