I am developing a .NET API and want to create front-end applications using React for the web and Flutter for the mobile version. My main concern is how to securely manage authentication tokens (access and refresh tokens) for both platforms.
I am accustomed to appending the tokens directly in the API response, using the access token as a regular cookie and the refresh token as an HTTP-only cookie. However, I am uncertain about how this approach will work with the Flutter app, as it doesn't support cookies like the web application does.
My key concerns are:
Security: I want to ensure the authentication process is secure for both the web and mobile versions of the app.
Ease of use: I want an approach that works smoothly across both platforms without significant complexity.
Could you advise on the best way to handle authentication tokens for both a React web app and a Flutter mobile app, while ensuring optimal security and usability in .NET?
asked Feb 24 at 15:06 by BunnyBunny, edited Feb 24 at 16:24 by Dharman
1 Answer
You should focus more on verifying JWT tokens on the server side, as there’s no more secure way than letting clients store their own tokens. However, storing access tokens in cookies on the client side exposes them to XSS attacks. A better approach is:
For Web (React): Store the access token in memory and the refresh token in an HTTP-only, Secure cookie.
For Mobile (Flutter): Store both tokens in secure storage (Keychain/Keystore) since cookies aren’t supported.
Also, implement token blacklisting and cache invalidated tokens to prevent unauthorized reuse. Always use short-lived access tokens and verify them on every request.
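One way a single .NET API can serve both clients along the lines of the answer above, as an added example that is not part of the original answer or of any project's code. It assumes an ASP.NET Core minimal API (.NET 6 or later, web SDK implicit usings) with the React app on the same site as the API; the `X-Client` header, the route names, the `IssueAccessToken` placeholder and the in-memory store are hypothetical.

```csharp
// Added example, not from the original answer. Hypothetical: the "X-Client" header,
// the route names, IssueAccessToken and the in-memory store (stand-ins for JWT signing and a DB).
using System.Collections.Concurrent;
using System.Security.Cryptography;

var app = WebApplication.CreateBuilder(args).Build();
// refresh token -> (user, expiry); removing an entry revokes that token
var refreshStore = new ConcurrentDictionary<string, (string User, DateTimeOffset Expires)>();

// Placeholder: a real API returns a signed, short-lived JWT here.
string IssueAccessToken(string user) => $"access-token-for-{user}";

IResult Respond(HttpContext ctx, string user)
{
    var refresh = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
    var expires = DateTimeOffset.UtcNow.AddDays(7);
    refreshStore[refresh] = (user, expires);
    var access = IssueAccessToken(user);
    // Flutter: both tokens in the JSON body; the app keeps them in Keychain/Keystore storage.
    if (ctx.Request.Headers["X-Client"] == "mobile")
        return Results.Ok(new { accessToken = access, refreshToken = refresh });
    // React: refresh token in an HttpOnly cookie scoped to the refresh route;
    // access token in the body, held in memory by the page.
    ctx.Response.Cookies.Append("refresh_token", refresh, new CookieOptions
    {
        HttpOnly = true, Secure = true, SameSite = SameSiteMode.Strict,
        Path = "/auth/refresh", Expires = expires
    });
    return Results.Ok(new { accessToken = access });
}

app.MapPost("/auth/login", (HttpContext ctx, LoginRequest req) =>
    // Constructed credential check: one fixed demo user.
    req.User == "demo" && req.Password == "demo" ? Respond(ctx, req.User) : Results.Unauthorized());

app.MapPost("/auth/refresh", (HttpContext ctx, RefreshRequest? body) =>
{
    var presented = ctx.Request.Cookies["refresh_token"] ?? body?.RefreshToken;
    // Rotation: TryRemove makes each refresh token single-use, even under concurrent requests.
    if (presented is null || !refreshStore.TryRemove(presented, out var entry)
        || entry.Expires < DateTimeOffset.UtcNow)
        return Results.Unauthorized();
    return Respond(ctx, entry.User);
});

app.Run();

record LoginRequest(string User, string Password);
record RefreshRequest(string? RefreshToken);
```

The web client calls `/auth/refresh` with an empty body and lets the browser attach the cookie; the mobile client posts its stored refresh token as JSON and overwrites both stored tokens with the rotated pair.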
Title: c# - Do I send authentication tokens as JSON response or set them on API (flutter and react client side)? - Stack Overflow