Closed Voldemar123 closed 3 years ago
Hey,
It is technically possible but it might be a real concern regarding security.
I recommend that token must have a short life (using exp), and be a one-time usage token. An anti-replay system using the jti field must also be considered.
A token in the URL means also that it will be logged by the web server and it might be limited by the maximum length of an URL.
Well, it needs to be discussed...
Anthony
Lets postpone my question about pass token as param in URL.
I absolutely agree with your concerns about
Wright now I implemented solution with pass token in cookie and it work perfect for my tasks.
Thank you very match !
Happy that the "cookie" feature does the job for you. I close the question for now.
Hello !
It have sense to add the possibility to provide the JWT via URL param ?
I want to generate and open in browser links type of https://site.com/secured/?token=xxxxxx
where is "token" param is JWT and grant an access exists user to site
thank you !