I haven't used Okta yet, but one of its developers, Randall Degges @rdegges, hangs out here and wrote one of my favorite rants on this website, which is not about Okta but still might be useful in terms of authentication:
Please Stop Using Local Storage
Randall Degges
tl;dr - LocalStorage is not encrypted or domain-restricted. Basically, any JS script can read your LocalStorage and compromise your authentication tokens. Use Cookies instead.