@verdi327
Created May 16, 2019 14:28
Thinkful Auth Questions
Should the client or the server take more security precautions?
The server. Anything running in the browser can be read and modified by the user, so the server has to treat every request as untrusted and do its own authentication and authorization checks rather than rely on the client.
What's the difference between local storage and session storage?
Session storage lives only as long as the tab (browsing context) that created it; each tab gets its own copy, and it is cleared when the tab is closed. Local storage persists until it is explicitly cleared and is shared by every tab and window of the same origin.
What problem does a JWT expiry time solve?
It limits how long a stolen or leaked token is useful. Without an expiry, anyone who obtains the token can act as that user indefinitely; with one, the token stops working after the expiry time and the holder must log in again to get a new one.
Is a refresh endpoint protected or public?
Refresh endpoints are protected: the request must carry a valid (correctly signed and not yet expired) JWT, and the server issues a new token for the same user in exchange.
What would happen if a refreshed JWT was requested with a JWT that had already expired?
The server would reject it (401 Unauthorized), because the refresh endpoint only accepts a token that is still valid. The user would need to log in again.
What does it mean to queue a callback?
Queuing a callback (for example with setTimeout) schedules it to run later instead of right away: the function is handed to the browser's timer queue and is called once the delay has elapsed and the call stack is empty.
What does the clearTimeout function do and what argument do you pass into it?
clearTimeout cancels a pending timer so its callback never runs. You pass it the timer ID that setTimeout returned. The callback was never on the call stack, only in the timer queue, so clearing it simply removes it from that queue.
After which of the following events should a refresh request be queued?
A successful user registration request - YES
A successful login request - YES
A page load - YES
A successful API request to a protected endpoint for posting a comment - YES
A successful refresh request - YES
A push state navigation event - YES
A user logs out - NO
What is OIDC?
OpenID Connect (OIDC) is an industry-standard authentication layer built on top of OAuth 2.0: a client sends the user to an identity provider to log in and gets back an ID token (a JWT) that describes the authenticated user, alongside the usual OAuth access token.