@asktami
Last active November 2, 2019 00:03
Authentication with JWT Questions
Should the client or the server take more security precautions?
ANSWER: the server
What's the difference between local storage and session storage?
ANSWER:
Local storage is available in every tab and window of the same browser on the same machine; session storage is not.
Session storage is only available in the browser tab the data was saved in:
as soon as that tab is closed, the data is gone.
What problem does a JWT expiry time solve?
ANSWER: it restricts the amount of time an authorization token is valid for.
This gives the server more control over the validity of any JWTs it creates, instead of
relying on the frontend client to ensure tokens aren't stolen.
We can limit JWTs to be valid only for the amount of time we choose.
This solution involves an expiry time stored inside the JWT payload itself (the exp claim).
Is a refresh endpoint protected or public?
ANSWER: A refresh endpoint will be a protected endpoint that responds with a new JWT and thus a new expiry time.
What would happen if a refreshed JWT was requested with a JWT that had already expired?
ANSWER: ???
What does it mean to queue a callback?
ANSWER: To tell an endpoint request (the refresh request) to happen in XXX seconds???
What does the clearTimeout function do and what argument do you pass into it?
ANSWER: cancels the refresh request if a user goes idle:
/* remove the refresh timeout from the queue */
clearTimeout(_refreshTimeoutId)
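The following is an added example, not code from the original gist, showing what "queueing" the refresh callback and cancelling it with clearTimeout look like end to end. It runs on Node.js with no dependencies. The token is constructed inline for the demo (the signature part is a placeholder and is never verified here; verification belongs on the server, the client only reads exp to decide when to schedule the refresh). Function names (makeSampleToken, getExpiry, msUntilRefresh, queueRefresh, clearRefresh, hasQueuedRefresh) and the 10-second lead time are this example's own assumptions.

```javascript
// Added example (not part of the original gist): read a JWT's exp claim,
// queue a refresh callback shortly before expiry, and cancel it on idle/logout.

// base64url helpers (Node's Buffer speaks plain base64; translate the alphabet).
function b64urlEncode(obj) {
  return Buffer.from(JSON.stringify(obj))
    .toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
function b64urlDecode(str) {
  const padded = str.replace(/-/g, '+').replace(/_/g, '/') + '='.repeat((4 - (str.length % 4)) % 4);
  return Buffer.from(padded, 'base64').toString('utf8');
}

// CONSTRUCTED sample token (header.payload.signature); the signature is a placeholder.
function makeSampleToken(expSeconds) {
  const header = b64urlEncode({ alg: 'HS256', typ: 'JWT' });
  const payload = b64urlEncode({ sub: 'demo-user', exp: expSeconds });
  return `${header}.${payload}.placeholder-signature`;
}

// Read exp (seconds since epoch) from the payload, without verifying the signature.
function getExpiry(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const payload = JSON.parse(b64urlDecode(parts[1]));
  if (typeof payload.exp !== 'number') throw new Error('JWT has no exp claim');
  return payload.exp * 1000; // milliseconds
}

// Milliseconds until the refresh should fire: a lead time before expiry, never negative.
// A token that is already (or nearly) expired yields 0, i.e. refresh right away.
function msUntilRefresh(token, nowMs = Date.now(), leadMs = 10000) {
  return Math.max(getExpiry(token) - nowMs - leadMs, 0);
}

let _refreshTimeoutId = null;

// "Queue a callback": ask the runtime to run refreshFn once, just before the token expires.
// Any previously queued refresh is dropped first so only one is ever pending.
function queueRefresh(token, refreshFn, nowMs = Date.now()) {
  clearRefresh();
  _refreshTimeoutId = setTimeout(refreshFn, msUntilRefresh(token, nowMs));
  return _refreshTimeoutId;
}

// Remove the queued refresh (user went idle or logged out) via clearTimeout,
// which takes the id returned by setTimeout.
function clearRefresh() {
  if (_refreshTimeoutId !== null) {
    clearTimeout(_refreshTimeoutId);
    _refreshTimeoutId = null;
  }
}

function hasQueuedRefresh() {
  return _refreshTimeoutId !== null;
}

// Demo: a token expiring in 15 s queues a refresh that fires after about 5 s.
if (typeof require !== 'undefined' && require.main === module) {
  const token = makeSampleToken(Math.floor(Date.now() / 1000) + 15);
  queueRefresh(token, () => console.log('refresh request would be sent now'));
}
```

Note that the client reads exp only to schedule the call; it must not treat an unverified payload as trustworthy for anything else, and the server still decides whether the presented token is valid when the refresh request arrives.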
After which of the following events should a refresh request be queued?
ANSWER: A successful login request
Options:
A successful user registration request
A successful login request
A page load
A successful API request to a protected endpoint for posting a comment
A successful refresh request
A push state navigation event
A user logs out
What is OIDC?
ANSWER: OpenID Connect (OIDC) is an authentication protocol,
based on the OAuth 2.0 family of specifications. It uses simple JSON Web Tokens (JWT).