Bot-Rakshit / bm_frontend

Frontend repository of Samay Raina's chess community website
https://www.bmsamay.com/
MIT License
101 stars 60 forks

More secure authentication #28

Closed itsnileshgosavi closed 3 months ago

itsnileshgosavi commented 3 months ago

I noticed that the website is using a URL-encoded token for authentication, which comes with security risks: tokens in URLs can be logged in browser history, server logs, or shared inadvertently. This can expose the token to unintended parties. Implement a cookie-based token, which is more secure. You can use auth.js if the backend is in express.js. With auth.js, sign-in with Discord, Facebook, etc. can be easily implemented.

Bot-Rakshit commented 3 months ago

Cookie-based authentication is the priority right now and that is what we are working on right now! Tokens can be shared, you are right; luckily there is no sensitive information or any user-specific actions right now, but there will be in the future. Hence implementing a cookie-based token is required, which will be done soon. Thanks for your concern.