You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This stems from a higher level question I have about where is the best place to store an access token when authenticating with remix? I know this might be a bit of a "depends on your situation" kind of question, but after looking into a lot of the different remix-auth strategies to determine how they generally store the access token for usage, I can't quite figure it out.
Isn't it more secure, and better practice, to avoid returning the tokens in the verify function of the strategy so that the tokens don't get sent to the browser? Wouldn't it be better to set them in the remix session, instead, and generally only use the access token via the cookie on the remix server?
Sorry, this isn't really an issue with this library per-se, I just can't quite find an answer to how we should store and access access tokens securely in Remix.
Thanks for any advice/suggestions!
The text was updated successfully, but these errors were encountered:
Question: Should the remix strategy example documentation be updated to avoid returning the tokens in the verify function? Here's the line of code I'm referring to: https://github.com/sergiodxa/web-oidc/blob/main/README.md?plain=1#L110
This stems from a higher level question I have about where is the best place to store an access token when authenticating with remix? I know this might be a bit of a "depends on your situation" kind of question, but after looking into a lot of the different remix-auth strategies to determine how they generally store the access token for usage, I can't quite figure it out.
Isn't it more secure, and better practice, to avoid returning the
tokensin theverifyfunction of the strategy so that the tokens don't get sent to the browser? Wouldn't it be better to set them in the remix session, instead, and generally only use the access token via the cookie on the remix server?Sorry, this isn't really an issue with this library per-se, I just can't quite find an answer to how we should store and access access tokens securely in Remix.
Thanks for any advice/suggestions!
The text was updated successfully, but these errors were encountered: