Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 3 days ago.
I am building a standard MERN application with login, register, authentication, tokens, etc., and I'm not sure about how to work with cookies (also using Redux for the auth).
So far I've been using cookie-parser from NodeJS to set the user and JWT cookies when I log in, and to remove them when I log out.
The issue is that I don't know how to read them from the front-end to access the user data to modify the name, mail, password, etc.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 1 year ago.
Is there any way to implement Social Login (Google, Facebook, Apple) API NodeJs Express REST for a React Native App, the way it's done for the web apps? How would you create APIs?
You can install an npm package for social login on the frontend. Then you can pass the values that you want through the API to the backend.
Here's an example https://www.npmjs.com/package/react-google-login
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 2 years ago.
I'm creating a web app where users will only visit occasionally, so I'm trying to prevent the users from having to remember a password.
Would it be secure to have a flow like this?
Enter email (or phone number)
Get temporary password (create the password on the backend, save to mongoDB)
User enters temporary password (Validating against password in database and deleting and returning a token if matched)
Let the user authenticate through token.
This question is opinionated so it will likely get closed... but short story, that’s totally fine. This is how Medium does it. Make sure the temporary passwords are encrypted in your database though as they are as sensitive as real passwords.
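The flow in this question, as an added sketch that is not part of the original post or answer: the backend keeps only a salted scrypt hash of the temporary code (a swapped-in way to keep it unreadable at rest, rather than reversible encryption), and the code expires, allows a limited number of guesses, and is deleted on first successful use. The function names, the 10-minute lifetime, the 5-attempt cap and the `Map` standing in for the MongoDB collection are assumptions.

```javascript
// Added example: one-time login codes, hashed at rest, expiring and single-use.
const { randomInt, randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');

const CODE_TTL_MS = 10 * 60 * 1000; // assumed lifetime: 10 minutes
const MAX_ATTEMPTS = 5;             // assumed cap on wrong guesses per code

// Salted, slow hash so a leaked collection does not reveal usable codes.
const hashCode = (code, salt) => scryptSync(code, salt, 32);

// `store` is any Map-like object keyed by email; a Map stands in for the
// MongoDB collection mentioned in the question (assumption).
function issueCode(store, email, now = Date.now()) {
  // CSPRNG-backed 6-digit code; Math.random() is not suitable here.
  const code = String(randomInt(0, 1_000_000)).padStart(6, '0');
  const salt = randomBytes(16);
  // Overwrites any earlier record, so only the newest code is valid.
  store.set(email, {
    salt,
    hash: hashCode(code, salt),
    expiresAt: now + CODE_TTL_MS,
    attempts: 0,
  });
  return code; // deliver by email/SMS; never log or persist the plaintext
}

function verifyCode(store, email, code, now = Date.now()) {
  const rec = store.get(email);
  if (!rec) return false;
  if (now > rec.expiresAt || rec.attempts >= MAX_ATTEMPTS) {
    store.delete(email); // expired or guessed too often: force a fresh code
    return false;
  }
  rec.attempts += 1;
  // Both buffers are 32 bytes, so the constant-time compare cannot throw.
  const ok = timingSafeEqual(hashCode(String(code), rec.salt), rec.hash);
  if (ok) store.delete(email); // single use: a replayed code finds no record
  return ok; // on true, the caller issues the session token
}
```

The attempt cap matters because a 6-digit code has only a million possible values; without it the short code can be guessed by repeated submissions within its lifetime.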
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 7 years ago.
Looking into making a simple Angular - Node app and of course I have come across PassportJS for auth. Looking at the website, I'm finding it difficult to understand why I need it or what it does for me?
My users will log in using a username and password. Why can't I just find a matching record in the db, set a session if required and return a response? Why should/would I use Passport for this?
No real reason, if that's all you want to do. Using Passport starts to pay off when you start incorporating other authorization providers, such as Facebook, Twitter, Google, etc.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
I have read in many security-related articles that on an incorrect login to a site, the site should not specify whether the username or password is incorrect.
And this is true in practice also... Most sites report invalid login as
Either Username or password incorrect
What are the reasons that this type of error message is encouraged?
If this really is the correct method, then why does the Stack Overflow site show what exactly is incorrect rather than the general practice?
Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
After the Twitter OAuth process, once I finally get my access_token_key and access_token_secret, is it safe to store these in a JavaScript variable client side?
As far as I can work out nothing can be done with these keys without the consumer_key/consumer_secret?
I believe yes, because the client already knows about the access token from the OAuth authentication process anyway (as a part of the redirected URL).
(And, at the same time, it is always safe to have as little information as possible...)