Found the perfect course on OAuth for me, by OAuth expert @aaronpk. It’s only $12 on Udemy for the next 5 hours if you want to pick it up. udemy.com/course/oauth-2-sim…
Replying to @CodingItWrong
haha thanks! tbh the pricing on Udemy is a bit of a mystery to me too!

Dec 28, 2020 · 4:56 PM UTC

Replying to @aaronpk
(Don’t feel obligated to reply just b/c you replied to my compliment 😉 but) has anyone written about an SPA architecture where you:
- Retrieve access token in backend and store in server session
- Return access token to SPA, which only stores it in memory

1/2
- SPA makes unproxied requests to resource server
- On page refresh, SPA re-requests access token from backend using session cookie

Seems like this is as secure as memory-only storage, allows refreshes, avoids extra hops from proxying. Am I missing risks/downsides?
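The flow asked about in the two tweets above, modelled in-process as an added example that is not part of the thread. `createBackend`, `createSpaClient`, the `sid` cookie and its `/token` path are hypothetical names, and the POST-only rule, `Origin` check and cookie attributes are assumed hardening, not something the thread specifies.

```javascript
// Added sketch; createBackend, createSpaClient and the "sid" cookie are hypothetical names.
async function newSessionId() {
  const { randomBytes } = await import("node:crypto");
  return randomBytes(32).toString("hex");
}

function createBackend(allowedOrigin) {
  const sessions = new Map(); // session id -> { accessToken }, kept server-side
  return {
    // Runs after the backend's own OAuth code exchange (not shown here).
    async login(accessToken) {
      const sid = await newSessionId();
      sessions.set(sid, { accessToken });
      // The cookie carries only the session id and is unreadable by page script.
      return `sid=${sid}; HttpOnly; Secure; SameSite=Strict; Path=/token`;
    },
    // Token hand-off: session cookie in, access token out.
    token(req) {
      if (req.method !== "POST") return { status: 405 };
      // Browsers attach Origin to POST fetches; reject other sites (assumed hardening).
      if (req.headers.origin !== allowedOrigin) return { status: 403 };
      const m = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(req.headers.cookie || "");
      const session = m && sessions.get(m[1]);
      if (!session) return { status: 401 };
      return {
        status: 200,
        headers: { "Cache-Control": "no-store" }, // keep the token out of HTTP caches
        body: { access_token: session.accessToken },
      };
    },
  };
}

// SPA side: the token lives only in this closure, never in web storage.
function createSpaClient(fetchToken) {
  let accessToken = null; // gone after a page refresh
  return {
    async authHeader() {
      if (accessToken === null) {
        const res = await fetchToken(); // the browser sends the session cookie
        if (res.status !== 200) throw new Error(`token fetch failed: ${res.status}`);
        accessToken = res.body.access_token;
      }
      // Attached to requests that go straight to the resource server.
      return { Authorization: `Bearer ${accessToken}` };
    },
  };
}
```

In this model any script running in the page's origin can call the same hand-off endpoint, so the session cookie, not the in-memory variable, is what gates access to the token.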