thebinarypenguin · March 8, 2019 16:25
diff --git a/gistfile1.txt b/gistfile1.txt
 Should the client or the server take more security precautions?

  The server is the ultimate protector of data

 What's the difference between local storage and session storage?

  local storage lives forever until deleted, session storage live until the browser tab is closed.

 What problem does a JWT expiry time solve?

  Minmizes the time a token can be used. Instead of having tokens that are valid forever. Forever is a long time.

 Is a refresh endpoint protected or public?

  protected

 What would happen if a refreshed JWT was requested with a JWT that had already expired?

  The server would respond with a 4xx error. Having an expired JWT is just like having no JWT

 What does it mean to queue a callback?

  Set up function to run at a specific time or after a specific event.

 What does the clearTimeout function do and what argument do you pass into it?

  It stops a particular queued function from running. It takes a timeout id, which is the return value from setTimeout()

 For which of the following events should a refresh request be queued after?
  
  A successful user registration request
    YES
  
  A successful login request
    YES
  
  A page load
    YES
  
  A successful API request to a protected endpoint for posting a comment
    YES
  
  A successful refresh request
    YES
  
  A push state navigation event
    YES
  
  A user logs out
    NO

 What is OIDC?

  OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol.
	Should the client or the server take more security precautions?

	The server is the ultimate protector of data

	What's the difference between local storage and session storage?

	local storage lives forever until deleted, session storage live until the browser tab is closed.

	What problem does a JWT expiry time solve?

	Minmizes the time a token can be used. Instead of having tokens that are valid forever. Forever is a long time.

	Is a refresh endpoint protected or public?

	protected

	What would happen if a refreshed JWT was requested with a JWT that had already expired?

	The server would respond with a 4xx error. Having an expired JWT is just like having no JWT

	What does it mean to queue a callback?

	Set up function to run at a specific time or after a specific event.

	What does the clearTimeout function do and what argument do you pass into it?

	It stops a particular queued function from running. It takes a timeout id, which is the return value from setTimeout()

	For which of the following events should a refresh request be queued after?

	A successful user registration request
	YES

	A successful login request
	YES

	A page load
	YES

	A successful API request to a protected endpoint for posting a comment
	YES

	A successful refresh request
	YES

	A push state navigation event
	YES

	A user logs out
	NO

	What is OIDC?

	OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol.