
Can multiple endpoints use the same CSRF token?

I have a Single Page Application (SPA) with multiple endpoints using Single Sign-On (SSO) with a JWT token. I am trying to figure out how to initialize a CSRF token while still keeping my frontend and backend logic as simple as possible.

My question is: is there a way to avoid generating a CSRF token for every endpoint? Can I, for example, generate a CSRF token during my login process (first fetch the CSRF token and rotate it on every login request) and then verify that one CSRF token in every backend? How could this be implemented, if it is possible at all?

I use X-CSRF tokens, so on the server side the token is set in a cookie, then the client duplicates it into a request header, and finally the server verifies that the cookie and header values match. I use the Django CSRF middleware, which also does some extra validation to avoid client self-generated tokens. This extra validation is something I do not really understand.
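As an added illustration of the double-submit check described above (example code, not from the question or from Django itself; it re-implements Django's masked-token scheme in a simplified stand-alone form), the following shows why the cookie value and the header value differ on every request yet still verify, and that any backend that reads the same cookie secret can run the identical check:

```python
import hmac
import secrets
import string

# Alphabet and lengths mirror Django's CSRF token format (assumption: this is a
# simplified re-implementation for illustration, not Django's own module).
ALLOWED_CHARS = string.ascii_letters + string.digits
SECRET_LENGTH = 32
TOKEN_LENGTH = 2 * SECRET_LENGTH


def new_csrf_secret() -> str:
    """Random secret stored in the CSRF cookie (one per session, rotated on login)."""
    return "".join(secrets.choice(ALLOWED_CHARS) for _ in range(SECRET_LENGTH))


def mask_secret(secret: str) -> str:
    """Per-request header token: random mask followed by the secret shifted by it.

    Every call yields a different token for the same secret, so the header value
    never repeats and a captured header value is not itself the cookie secret.
    """
    mask = new_csrf_secret()
    n = len(ALLOWED_CHARS)
    cipher = "".join(
        ALLOWED_CHARS[(ALLOWED_CHARS.index(s) + ALLOWED_CHARS.index(m)) % n]
        for s, m in zip(secret, mask)
    )
    return mask + cipher


def unmask_token(token: str) -> str:
    """Reverse mask_secret: recover the secret from mask + cipher."""
    mask, cipher = token[:SECRET_LENGTH], token[SECRET_LENGTH:]
    n = len(ALLOWED_CHARS)
    return "".join(
        ALLOWED_CHARS[(ALLOWED_CHARS.index(c) - ALLOWED_CHARS.index(m)) % n]
        for c, m in zip(cipher, mask)
    )


def verify_request(cookie_secret: str, header_token: str) -> bool:
    """Double-submit check that any backend on the same cookie domain can run.

    Malformed values (wrong length or characters, including a header that just
    echoes the raw cookie) are rejected before the constant-time comparison.
    """
    if len(cookie_secret) != SECRET_LENGTH or len(header_token) != TOKEN_LENGTH:
        return False
    if any(c not in ALLOWED_CHARS for c in cookie_secret + header_token):
        return False
    return hmac.compare_digest(unmask_token(header_token), cookie_secret)
```

The masking is the "extra validation" layer: the middleware compares the unmasked header token with the cookie secret, not the two strings literally, and a header that simply copies the cookie fails the format check.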

In my opinion, what you have in mind is not possible. But you could communicate with a proxy that knows the other endpoints. That would make the most sense from my point of view. Then you only need the CSRF token for this one endpoint, and on the server side, from the proxy to your other servers, you don't need CSRF anymore. But this solution means you need an additional endpoint.
