Hello, I am using vue authenticate library and still seem to be pulling secret API data despite manually deleting my token from localstorage in an incognito session in Chrome and Edge.
My expected output is that if I delete the token and have no other browsers open other than incognito browser session, I should not be able to consume sensitive API data.
Here's my setup:
I am testing this with a button click event called async getData():
The above code allows the client to get data... but if I manually copy the https://abc-api.com/getDataStuff link and paste in another incognito browser session, I get permission error 401 (which is what I expected to get above).
I do have my localhost URI whitelisted in my server's SSO config, as well as the backend API's SSO config. I am also using implicit grant type.
Thanks for any light anyone can shed as to why I am able to consume API data despite having, as far as I can tell, no token in my incognito browser session.