
Add documentation page explaining and link to security tips

Open iaincollins opened this issue 8 years ago • 1 comments

This should be added as a page linked to on the left-hand nav.

It should explain:

  • How the authentication system works (using HTTP Only cookies and what they are).
  • How the CSRF system we are using works.
  • How the express session middleware works.
  • What alternative approaches are for authentication (e.g. JWT) and advantages/disadvantages.

If anyone would like to have a go at this, please feel free!

iaincollins, Oct 16 '17 23:10

Any update on this? I am finding it a little difficult to figure out how the CSRF is working. As per the code on this page, it seems there is an input field being added with the field set to the CSRF token. However, it looks like the onSubmit function is calling the NextAuth.csrfToken() method to pass in the CSRF token. In other words, the value set in the hidden input field is being ignored. Why is this implemented this way?

nahushf, Sep 02 '19 12:09