Enable JWT auth for client-side

Hi there,
I am not sure that the way we handle authorization from the UI is the best practice as of today,
and since we already have some JWS auth mechanism in our server,
I believe we should use it also for the UI.

I found a nice post about it where the JWT token is stored in an HTTP-only cookie, which is not accessible via JavaScript, and items stored in such cookies are not vulnerable to exposure via an XSS attack:

I would like to know if there is someone with more experience on the server side than me
who wants to work on this together…?

3 Likes
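
The cookie-based approach described in the post above, as an added example that is not part of the original post or the project's code: a server signs an HS256 JWT, hands it to the browser in an HttpOnly cookie, and verifies it from the `Cookie` header on later requests. The cookie name, the per-process secret and all function names are assumptions made for illustration; `SameSite=Strict` is included because a cookie is attached to requests automatically, so cross-site request forgery has to be handled once the token moves out of JavaScript's reach.

```javascript
// Added example (not project code): HS256 JWT carried in an HttpOnly cookie.
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32); // assumption: per-process demo key
const COOKIE = 'session';              // hypothetical cookie name

const b64u = (x) => Buffer.from(x).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

function signJwt(claims, ttlSeconds, now = Date.now()) {
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const payload = b64u(JSON.stringify({ ...claims, exp }));
  return `${header}.${payload}.${b64u(mac(`${header}.${payload}`))}`;
}

function verifyJwt(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  try {
    // Pin the algorithm: the token must not choose how it is verified.
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return null;
    const given = Buffer.from(sig, 'base64url');
    const expected = mac(`${header}.${payload}`);
    // Constant-time comparison; lengths must match before timingSafeEqual.
    if (given.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > now / 1000 ? claims : null;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Value for the Set-Cookie response header after a successful login.
// HttpOnly hides the cookie from document.cookie; Secure restricts it to HTTPS.
function sessionCookie(token, ttlSeconds) {
  return `${COOKIE}=${token}; Max-Age=${ttlSeconds}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Read the token back from the Cookie request header the browser attaches.
function claimsFromCookieHeader(cookieHeader, now = Date.now()) {
  for (const pair of String(cookieHeader || '').split(';')) {
    const i = pair.indexOf('=');
    if (i > 0 && pair.slice(0, i).trim() === COOKIE) return verifyJwt(pair.slice(i + 1).trim(), now);
  }
  return null;
}
```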

This looks like a great initiative! I would like to take part in it :slight_smile:

1 Like