DevOps Articles

Curated articles, resources, tips and trends from the DevOps World.

OAuth 2: Pattern to Keep access_tokens Inside a Secured Zone at All Times

4 years ago dzone.com
OAuth 2: Pattern to Keep access_tokens Inside a Secured Zone at All Times

Summary: This is a summary of an article originally published by the source. Read the full original article here →

A typical OAuth 2 scenario: Often in a single page application (SPA), we see that the UX layer is responsible for both the GET call to the authorization code endpoint as well as the POST call to the access token endpoint to exchange the authorization code with the access token.

While this approach works, it leads to a number of problems: Add a server-side component to get the authorization code and exchange it for an access token.

Our service can use the refresh token to get a new access token followed by putting this new value in cache — both local and backing.

The method proxyBusinessMethod received the GET request and, in turn, read access_token from the cache and used that to call the "actual" business method.

Read More
Oh Dear
Oh Dear
The all-in-one monitoring tool for your entire website
Fathom
Fathom
Fathom Analytics: A Better Google Analytics Alternative
Namecheap
Namecheap
DevOpsChat Logo Your DevOps Community
Product
Useful Links

Made with pure grit © 2024 Jetpack Labs Inc. All rights reserved. www.jetpacklabs.com