#Is using JWT in cookies still acceptable for security?

3 messages · Page 1 of 1 (latest)

coral lark Feb 14, 2024, 9:04 PM

Is creating a JWT after authentication and then passing it back and forth in a cookie still OK to do? Including a CSRF token in a cookie too. It seems that the preferred option for security is OAuth2 with resource and client servers, but is it just preferred or is it the only acceptable way to secure a RESTful API being used with a SPA?

patent pulsarBOT Feb 14, 2024, 9:04 PM

⌛ This post has been reserved for your question.

Hey @coral lark! Please use /close or the Close Post button above when your problem is solved. Please remember to follow the help guidelines. This post will be automatically closed after 300 minutes of inactivity.

TIP: Narrow down your issue to simple and precise questions to maximize the chance that others will reply in here.