yhamade

icon location Los Angeles, CA icon location Geek and widgeteer. I can code, but I wouldn't say I'm a developer. I might know something about Infrastructure, Cloud, and Cyber Security.

Results 4 issues of yhamade

react-auth-client doesn't support refresh tokens

react-auth-client doesn't include example support for using refresh tokens to get a new access token.

react-auth-client does not support PKCE

react-auth-client does not support PKCE and requires client secret to be coded into the application. This is considered an insecure method of authentication for untrusted clients, such as single page...

react-auth-client jwt_verifier.js does not check for token revocation.

The jwt_verifier.js does not check to see if the token has been revoked by the IDP. It only checks for valid signature. Please consider adding token revocation checking as a...

React-auth-client - jwt_verifier.js does not work with PingFederate

The included jwt_verifier.js requires that the JWKS URL provide the certificate in x509 format (x5c attribute). PingFederate may not provide this attribute. Instead you may consider implementing the "jwks-rsa" module...