Discussion

Vic okeke

Your favourite software developer

Aug 9, 2022

JWT authentication, The right way.

I've seen a lot of articles talking about the famous JWTs (JSON web tokens) and how to use them in your software application, but they don't really talk about how to secure them from popular web attacks like XSS (cross site scripting) or even the pop...

vic3.hashnode.dev6 min read

#hacking #javascript #authentication #web-development

Responses(2)

A

Amolo

Software Developer

Aug 10, 2022

Great article!

Thank you

VO

Vic okeke

Your favourite software developer

Aug 11, 2022

OC

Osinachi Chukwujama

Web developer + Technical Writer

Aug 10, 2022

Nice article man. I have one question.

What if I'm building a payment service like Paystack and I need to allow a different users access my API? How can I enforce CORS in such a case?

VO

Vic okeke

Your favourite software developer

Aug 10, 2022

Yeah, you can request for their domains while they sign-up for your API, then store in a database, you then fetch all domains into an array/list is an accepted format in the cors origin option

A

Amolo

Software Developer

Aug 10, 2022

Additionally, such APIs don't restrict which "origin" calls them. You probably want to pass the JWT as a header or something in that line.

Recent in Forum

A
The "RAG or fine-tuning?" question is outdated in 2026
14m ago
A
5 Tech Stack Decisions That Make or Break a Travel Booking Engine
23h ago
K
Hi, I'm Karthik
413h ago
D
I built WattSeal — PC power consumption monitor
318h ago
A
I Replaced ChatGPT With Google NotebookLM — Here’s My Audit & Workflow
24A A A20h ago

View all threads

Search Hashnode

JWT authentication, The right way.

Responses(2)

Recent in Forum