6:["$","div",null,{"className":"py-5","children":[["$","div",null,{"className":"flex flex-wrap items-center gap-3","children":[["$","span",null,{"className":"inline-flex size-9 shrink-0 items-center justify-center rounded-xl bg-muted text-lg text-primary","children":["$","i",null,{"className":"fa-jelly fa-regular fa-comment","aria-hidden":"true"}]}],["$","h3",null,{"className":"text-lg font-semibold tracking-tight text-foreground","children":"Comments"}],"$undefined"]}],["$","$L2e",null,{"initialItems":[{"postId":"64e76f0dd47513fefda66d94","slug":"single-sign-on-jwt-authentication-and-react","title":"Single Sign-On, JWT Authentication, and React","publishedAt":"2023-08-24T14:54:05.191Z","authorName":"Gal Malachi","authorUsername":"galm","authorAvatarUrl":"https://cdn.hashnode.com/res/hashnode/image/upload/v1607076268184/fwJRW6Y09.png?w=80&h=80&fit=crop&crop=faces&auto=compress,format&format=webp","commentType":"reply","commentSource":"post","commentPermalink":"/posts/single-sign-on-jwt-authentication-and-react/5fe22997c65ad56bef3a30b4/comment/64e626b0cae237eabaaba617#reply-64e76f0dd47513fefda66d94","parentThreadTitle":"Single Sign-On, JWT Authentication, and React","parentThreadSlug":"single-sign-on-jwt-authentication-and-react","parentThreadHref":"/posts/single-sign-on-jwt-authentication-and-react/5fe22997c65ad56bef3a30b4","contentHtml":"

Hi Emmanuel Gruffy\nAbsolutely, you can do that. You can also implement interceptors in your apiClient wrapper so you have a more robust method to handle the life cycle. But your suggested approach should definitely work

\n","upvotes":0},{"postId":"5fe3134cb4b79006ffdac0e7","slug":"single-sign-on-jwt-authentication-and-react","title":"Single Sign-On, JWT Authentication, and React","publishedAt":"2020-12-23T09:52:12.946Z","authorName":"Gal Malachi","authorUsername":"galm","authorAvatarUrl":"https://cdn.hashnode.com/res/hashnode/image/upload/v1607076268184/fwJRW6Y09.png?w=80&h=80&fit=crop&crop=faces&auto=compress,format&format=webp","commentType":"reply","commentSource":"post","commentPermalink":"/posts/single-sign-on-jwt-authentication-and-react/5fe22997c65ad56bef3a30b4/comment/5fe2d5c5e28a2b6bca52c3ca#reply-5fe3134cb4b79006ffdac0e7","parentThreadTitle":"Single Sign-On, JWT Authentication, and React","parentThreadSlug":"single-sign-on-jwt-authentication-and-react","parentThreadHref":"/posts/single-sign-on-jwt-authentication-and-react/5fe22997c65ad56bef3a30b4","contentHtml":"

Thanks M. Suman Patra, I’ll try to publish it as soon as possible

\n","upvotes":0},{"postId":"5fe2579fe28a2b6bca52bea7","slug":"single-sign-on-jwt-authentication-and-react","title":"Single Sign-On, JWT Authentication, and React","publishedAt":"2020-12-22T20:31:27.026Z","authorName":"Gal Malachi","authorUsername":"galm","authorAvatarUrl":"https://cdn.hashnode.com/res/hashnode/image/upload/v1607076268184/fwJRW6Y09.png?w=80&h=80&fit=crop&crop=faces&auto=compress,format&format=webp","commentType":"reply","commentSource":"post","commentPermalink":"/posts/single-sign-on-jwt-authentication-and-react/5fe22997c65ad56bef3a30b4/comment/5fe255c5c65ad56bef3a330a#reply-5fe2579fe28a2b6bca52bea7","parentThreadTitle":"Single Sign-On, JWT Authentication, and React","parentThreadSlug":"single-sign-on-jwt-authentication-and-react","parentThreadHref":"/posts/single-sign-on-jwt-authentication-and-react/5fe22997c65ad56bef3a30b4","contentHtml":"

Thank you, Braydon Coyer!

\n","upvotes":0},{"postId":"5fd7a4f67418a90e83c8961d","slug":"must-read-developer-articles-on-hashnode-22","title":"Must Read Developer Articles on Hashnode - #22","publishedAt":"2020-12-14T17:46:30.115Z","authorName":"Gal Malachi","authorUsername":"galm","authorAvatarUrl":"https://cdn.hashnode.com/res/hashnode/image/upload/v1607076268184/fwJRW6Y09.png?w=80&h=80&fit=crop&crop=faces&auto=compress,format&format=webp","commentType":"comment","commentSource":"post","commentPermalink":"/posts/must-read-developer-articles-on-hashnode-22/5fd786162444ad0ea8511ac3/comment/5fd7a4f67418a90e83c8961d","parentThreadTitle":"Must Read Developer Articles on Hashnode - #22","parentThreadSlug":"must-read-developer-articles-on-hashnode-22","parentThreadHref":"/posts/must-read-developer-articles-on-hashnode-22/5fd786162444ad0ea8511ac3","contentHtml":"

Thanks for mentioning me (:

\n","upvotes":0},{"postId":"5fd4f52df60e3973bae6b475","slug":"single-sign-on-jwt-authentication-and-nodejs","title":"Single Sign-On, JWT Authentication, and NodeJS","publishedAt":"2020-12-12T16:51:57.414Z","authorName":"Gal Malachi","authorUsername":"galm","authorAvatarUrl":"https://cdn.hashnode.com/res/hashnode/image/upload/v1607076268184/fwJRW6Y09.png?w=80&h=80&fit=crop&crop=faces&auto=compress,format&format=webp","commentType":"reply","commentSource":"post","commentPermalink":"/posts/single-sign-on-jwt-authentication-and-nodejs/5fcfbe7e816f312818ff6edc/comment/5fd4d47eb6e5766805757dd3#reply-5fd4f52df60e3973bae6b475","parentThreadTitle":"Single Sign-On, JWT Authentication, and NodeJS","parentThreadSlug":"single-sign-on-jwt-authentication-and-nodejs","parentThreadHref":"/posts/single-sign-on-jwt-authentication-and-nodejs/5fcfbe7e816f312818ff6edc","contentHtml":"

I’m not familiar with the packages/sdk you use (I assume you are the author, a disclaimer would’ve been nice btw) - so it might be easier, I’m not sure. But where’s the fun it that?

I always prefer to have as much control as possible, if possible.

\n","upvotes":0},{"postId":"5fae3a27fa438d6532c7ed53","slug":"react-and-jwt-authentication-the-right-way","title":"React & JWT Authentication - the right way!","publishedAt":"2020-11-13T07:47:51.195Z","authorName":"Gal Malachi","authorUsername":"galm","authorAvatarUrl":"https://cdn.hashnode.com/res/hashnode/image/upload/v1607076268184/fwJRW6Y09.png?w=80&h=80&fit=crop&crop=faces&auto=compress,format&format=webp","commentType":"reply","commentSource":"post","commentPermalink":"/posts/react-and-jwt-authentication-the-right-way/5f7332311d7a870a345b9db2/comment/5fad8694fa438d6532c7e735#reply-5fae3a27fa438d6532c7ed53","parentThreadTitle":"React & JWT Authentication - the right way!","parentThreadSlug":"react-and-jwt-authentication-the-right-way","parentThreadHref":"/posts/react-and-jwt-authentication-the-right-way/5f7332311d7a870a345b9db2","contentHtml":"

Great addition, thanks Martin Filteau, Eng., PMP 💪🏽

\n","upvotes":0},{"postId":"5f7b81ef9d088e603ef395d9","slug":"react-nodejs-and-jwt-authentication-the-right-way","title":"React, NodeJS and JWT Authentication - the right way!","publishedAt":"2020-10-05T20:28:31.019Z","authorName":"Gal Malachi","authorUsername":"galm","authorAvatarUrl":"https://cdn.hashnode.com/res/hashnode/image/upload/v1607076268184/fwJRW6Y09.png?w=80&h=80&fit=crop&crop=faces&auto=compress,format&format=webp","commentType":"reply","commentSource":"post","commentPermalink":"/posts/react-nodejs-and-jwt-authentication-the-right-way/5f4ff0aec48c6b29cd2ecd0a/comment/5f7b7beb9d088e603ef395b9#reply-5f7b81ef9d088e603ef395d9","parentThreadTitle":"React, NodeJS and JWT Authentication - the right way!","parentThreadSlug":"react-nodejs-and-jwt-authentication-the-right-way","parentThreadHref":"/posts/react-nodejs-and-jwt-authentication-the-right-way/5f4ff0aec48c6b29cd2ecd0a","contentHtml":"

Hi Eliran Shem Tov,

Thanks for the feedback!\nYes, it’s considered as a bad practice. You shouldn’t store the token in local/session storage. In part 2 of the series I deal with the client side, and provide code examples, I believe you’ll find some useful information there!

\n","upvotes":0},{"postId":"5f78acb09c3b6e4101216a6d","slug":"react-nodejs-and-jwt-authentication-the-right-way","title":"React, NodeJS and JWT Authentication - the right way!","publishedAt":"2020-10-03T16:54:08.058Z","authorName":"Gal Malachi","authorUsername":"galm","authorAvatarUrl":"https://cdn.hashnode.com/res/hashnode/image/upload/v1607076268184/fwJRW6Y09.png?w=80&h=80&fit=crop&crop=faces&auto=compress,format&format=webp","commentType":"reply","commentSource":"post","commentPermalink":"/posts/react-nodejs-and-jwt-authentication-the-right-way/5f4ff0aec48c6b29cd2ecd0a/comment/5f78abb69c3b6e4101216a5b#reply-5f78acb09c3b6e4101216a6d","parentThreadTitle":"React, NodeJS and JWT Authentication - the right way!","parentThreadSlug":"react-nodejs-and-jwt-authentication-the-right-way","parentThreadHref":"/posts/react-nodejs-and-jwt-authentication-the-right-way/5f4ff0aec48c6b29cd2ecd0a","contentHtml":"

I’m glad that you find it useful, Akash Raju M!

\n","upvotes":0},{"postId":"5f7841f47d160d41227d743c","slug":"react-nodejs-and-jwt-authentication-the-right-way","title":"React, NodeJS and JWT Authentication - the right way!","publishedAt":"2020-10-03T09:18:44.204Z","authorName":"Gal Malachi","authorUsername":"galm","authorAvatarUrl":"https://cdn.hashnode.com/res/hashnode/image/upload/v1607076268184/fwJRW6Y09.png?w=80&h=80&fit=crop&crop=faces&auto=compress,format&format=webp","commentType":"reply","commentSource":"post","commentPermalink":"/posts/react-nodejs-and-jwt-authentication-the-right-way/5f4ff0aec48c6b29cd2ecd0a/comment/5f7837917d160d41227d7363#reply-5f7841f47d160d41227d743c","parentThreadTitle":"React, NodeJS and JWT Authentication - the right way!","parentThreadSlug":"react-nodejs-and-jwt-authentication-the-right-way","parentThreadHref":"/posts/react-nodejs-and-jwt-authentication-the-right-way/5f4ff0aec48c6b29cd2ecd0a","contentHtml":"

Hi Lihai Ben-Haim,

Glad you like it!\nLet me answer your questions:

You are right, it is still not bulletproof, however, it makes it much difficult to still the token from the memory, as the attack should be tailored to your exact app. Combining that with a short-living tokens makes the risk low, but still exists.
The limit come from the refresh token expiration. When the user is active and logged in, we don't want revoke his access. If we want to limit the time for an active user, we can add a logic on the client side or the backend to force logout after a certain period. I didn’t took care of it here, but it is completely possible.
encrypting the token is a good practice as it contains the identifier of the user inside it, and if stolen can give the hacker data that might be used in future attacks.

\n","upvotes":0},{"postId":"5f74624d5defaf19d6aadb95","slug":"react-and-jwt-authentication-the-right-way","title":"React & JWT Authentication - the right way!","publishedAt":"2020-09-30T10:47:41.536Z","authorName":"Gal Malachi","authorUsername":"galm","authorAvatarUrl":"https://cdn.hashnode.com/res/hashnode/image/upload/v1607076268184/fwJRW6Y09.png?w=80&h=80&fit=crop&crop=faces&auto=compress,format&format=webp","commentType":"reply","commentSource":"post","commentPermalink":"/posts/react-and-jwt-authentication-the-right-way/5f7332311d7a870a345b9db2/comment/5f744280e46f1616184269a2#reply-5f74624d5defaf19d6aadb95","parentThreadTitle":"React & JWT Authentication - the right way!","parentThreadSlug":"react-and-jwt-authentication-the-right-way","parentThreadHref":"/posts/react-and-jwt-authentication-the-right-way/5f7332311d7a870a345b9db2","contentHtml":"

rasd sounds like a complete solution! I thought about setting a retry logic, but I didn’t want to complicate stuff since this post is very long as is. However, I do believe that calling the refresh endpoint few seconds before the token expires should cover 99% of the cases.

\n","upvotes":0}],"initialHasMore":true,"loadMoreUrl":"/api/profile/comments?limit=10&userId=5f492f59e8bad44a54232755","author":{"name":"Gal Malachi","username":"galm","avatarUrl":"https://cdn.hashnode.com/res/hashnode/image/upload/v1607076268184/fwJRW6Y09.png?w=80&h=80&fit=crop&crop=faces&auto=compress,format&format=webp"}}]]}]

Gal Malachi

About

Available for

Gal Malachi's blogs

Search Hashnode

Gal Malachi

About

Available for

Gal Malachi's blogs

Comments