[backend] Refactor FB & Google login flow to prevent the jwt token to be sent as a query parameter #108

fernanri · 2020-03-25T14:42:42Z

The current FB login flow is being made in the backend side and the resultant jwt token is then being transmitted to the frontend as a query parameter in a redirect call. This makes the jwt token to be leaked in the server logs. (at least) which is not optimal.

The proposal is to perform the full oAuth authentication flow, where the client (frontend) asks for the FB token and then calls an API method with that token. The API should then use the token to fetch the information needed and return a JWT token in the reply.

fernanri changed the title ~~Refactor FB login flow to prevent jet token to be sent as a query parameter~~ Refactor FB login flow to prevent the jwt token to be sent as a query parameter Mar 25, 2020

pfortuna changed the title ~~Refactor FB login flow to prevent the jwt token to be sent as a query parameter~~ [backend] Refactor FB login flow to prevent the jwt token to be sent as a query parameter Mar 25, 2020

carlospombeiro changed the title ~~[backend] Refactor FB login flow to prevent the jwt token to be sent as a query parameter~~ [backend] Refactor FB & Google login flow to prevent the jwt token to be sent as a query parameter Apr 1, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[backend] Refactor FB & Google login flow to prevent the jwt token to be sent as a query parameter #108

[backend] Refactor FB & Google login flow to prevent the jwt token to be sent as a query parameter #108

fernanri commented Mar 25, 2020 •

edited

Loading

[backend] Refactor FB & Google login flow to prevent the jwt token to be sent as a query parameter #108

[backend] Refactor FB & Google login flow to prevent the jwt token to be sent as a query parameter #108

Comments

fernanri commented Mar 25, 2020 • edited Loading

fernanri commented Mar 25, 2020 •

edited

Loading