There was an article on here which I found more in-depth than this, about why tokens are a good way to do auth.
I'm on mobile, but it was ~6 days ago if someone digs it up. However, I guess I don't understand what the actual argument is.
Vue.js sets the header to auth bearer and pulls from local storage. I have a token and I verify the id in the payload, the subject which is username, expiration and the issuer.
If we assume this goes over SSL/https, what is the attack vector? The other article (and this) basically say someone can run a script and get the token; however, it is pointed out that if someone can run arbitrary code on your site or user's machine, then you already lost anyway.
What am I missing?