Check out the video series from Auth0 on authentication. Depending on your use-case (which yours falls into) there are still many choices. Auth is hard and filled with a ton of pitfalls. There are arguments to be made with JWTs, but the tried and true here is to use cookies and ensure that it is http-only, but it’s best to not just let me tell you. It’s better if someone else asks you and you can explain why you made this choice out of many. Those videos are short and very understandable.
Thanks for sharing ☺️
Thanks. Curious: if Auth0 is filled with a ton of pitfalls, then why should I check the videos?
Even with Auth0, you have many choices — like JWT or cookie-based sessions. Auth0 provides many “strategies”, but it’s best to know which works best with the right trade-offs. Like, do you understand why JWTs may be insecure? Did you know that having a separate client and API both served from the same domain makes the headaches of having an auth server almost moot? These are good things to know when making an auth choice that underpins access to your systems. The wrong choice is hard to find time to re-do when you’ve already got live users.