Cookie based authentication

Open ujibang opened this issue 1 year ago • 0 comments

Brief overview

Allow storing the auth token in a secure cookie and authenticating from it.

Rationale

  1. Using cookie authentication and a JWT token effectively enables Single Sign-On.
  2. Usually a client first authenticates using Basic Authentication and then uses the auth token returned in the first response for further requests. This auth token is usually stored in the local storage by web clients. The local storage is readable by JavaScript, thus opening this approach to Cross-site Scripting security attacks. Storing the auth token in a secure cookie avoids XSS.

Detailed documentation

TBD

ujibang, Aug 02 '23 13:08
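A sketch of the cookie handling this request describes, added here as an example and not RESTHeart code: it issues the token in a cookie that page JavaScript cannot read (`HttpOnly`), audits a `Set-Cookie` value for missing protective attributes, and reads the token back from a request. The cookie name `auth_token`, the 900-second lifetime and the sample token are assumptions.

```python
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "auth_token"  # assumed name, not defined by the issue


def build_auth_cookie(token, max_age=900):
    """Return a Set-Cookie header value carrying the auth token."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = token
    morsel = jar[COOKIE_NAME]
    morsel["httponly"] = True      # hidden from document.cookie, so script cannot read it
    morsel["secure"] = True        # only ever sent over HTTPS
    morsel["samesite"] = "Strict"  # not attached to cross-site requests (limits CSRF)
    morsel["path"] = "/"
    morsel["max-age"] = max_age    # bound the token's lifetime in the browser
    return morsel.OutputString()


def audit_set_cookie(header_value):
    """List the protective attributes missing from a Set-Cookie value."""
    attrs = {
        part.strip().split("=", 1)[0].lower()
        for part in header_value.split(";")[1:]  # skip the name=value pair
    }
    return [a for a in ("httponly", "secure", "samesite") if a not in attrs]


def token_from_request(headers):
    """Return the token from the Cookie header, or None if absent or malformed."""
    jar = SimpleCookie()
    try:
        jar.load(headers.get("Cookie", ""))
    except CookieError:
        return None  # treat an unparseable Cookie header as unauthenticated
    return jar[COOKIE_NAME].value if COOKIE_NAME in jar else None


if __name__ == "__main__":
    hardened = build_auth_cookie("aaa.bbb.ccc")   # constructed sample token
    weak = "auth_token=aaa.bbb.ccc; Path=/"       # constructed weak header
    print(hardened, audit_set_cookie(hardened))
    print(weak, audit_set_cookie(weak))
    print(token_from_request({"Cookie": "theme=dark; auth_token=aaa.bbb.ccc"}))
```

The `audit_set_cookie` check can run in an integration test against the login response, so a later change that drops `HttpOnly` fails the build.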