How to save Token to Local Storage?
I'm working on a login system for an app in school. I can register a user that gets saved to my Azure DocumentDB. I can then, sort of, log in with the user. But it (the Token) never gets saved so that I can access the token...
The script for the log in looks like this:
// Posts the form fields plus grant_type=password to the /Token endpoint.
// The response (the token) is handed straight to navigateToEvent and is
// never stored anywhere, which is why it cannot be accessed afterwards.
var signin = function () {
    var tokenUrl = "http://localhost:15746/Token";
    var loginData = $("#userSignup").serialize();
    loginData = loginData + "&grant_type=password";
    $.post(tokenUrl, loginData).then(navigateToEvent);
    return false; // stop the browser from submitting the form itself
};
$("#signup").click(signin);
How could I store the Token? In Local Storage? How?
To save a string in Local Storage you use
window.localStorage.setItem(key, value);
You can get the value later with:
window.localStorage.getItem(key);
Don't save a Token in the Local Storage. It's not good style because you open yourself up to attackers. I found this link on my search: https://medium.com/@benjamin.botto/secure-access-token-storage-with-single-page-applications-part-1-9536b0021321 .
This is a part from what's inside the page:
"It's recommended not to store any sensitive information in local storage." - OWASP Cheat Sheet
"Don't store tokens in local storage." - Auth0: Where to Store Tokens
"You are safe from CSRF, but you have opened yourself up to a much greater attack vector... XSS." - Okta: JWTs Suck
"Don't store [JWTs] in local storage (or session storage)." - LogRocket: JWT Authentication Best Practices
"It is best to avoid letting the JavaScript code ever see the access token." - OAuth 2.0 for Browser-Based Apps: Best Current Practice
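As an added example (not code from the question or from any of the answers), here are the two options side by side: the token written to Local Storage as the question asks, and the token held in a closure and attached to requests as a bearer header, with a check showing that only the first is readable by any other script running on the page. The localStorage object is a constructed stand-in so the example also runs in Node; fetchImpl and the /api/events path are assumptions.

```javascript
// Added example, not from the question or the answers above.
// Constructed stand-in for window.localStorage so this runs in Node too;
// in a browser the real window.localStorage behaves the same way.
const localStorage = (() => {
  const data = new Map();
  return {
    setItem: (k, v) => { data.set(k, String(v)); },
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    removeItem: (k) => { data.delete(k); },
  };
})();

// Option 1: what the question asks for. Every script on the page, including
// one that got there through an XSS bug, can call getItem and read the value.
function storeTokenInLocalStorage(token) {
  localStorage.setItem("access_token", token);
}

// Option 2: keep the token in a closure and expose only a fetch wrapper that
// adds the Authorization header. The token is never a global or a storage
// entry. Caveat: it is gone after a page reload, so the app must log in again.
function createAuthClient(fetchImpl) {
  let token = null; // lives only inside this closure
  return {
    setToken(t) { token = t; },
    clearToken() { token = null; },
    hasToken() { return token !== null; },
    authorizedFetch(url, options = {}) {
      const headers = { ...(options.headers || {}), Authorization: `Bearer ${token}` };
      return fetchImpl(url, { ...options, headers });
    },
  };
}

// Check: can code that only has the page's globals and Local Storage find the
// token value? A token kept in a global variable is just as exposed as one in
// Local Storage, so both places are inspected.
function tokenReachableFromPage(token) {
  if (localStorage.getItem("access_token") === token) return true;
  return Object.getOwnPropertyNames(globalThis).some((name) => {
    try { return globalThis[name] === token; } catch { return false; }
  });
}
```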
To save a token in Local Storage use
localStorage.setItem(key, value)