This is a security risk and SHOULD NOT be used. | by Jorge C. Leitão | Medium

How To Implement OIDC Authentication with React Context API and React Router
627
27
Francisco Pastor
Jorge C. Leitão
·Follow
1 min read·
Dec 13, 2019
--
This is a security risk and SHOULD NOT be used.
First, what Greg V said. You can just monkey patch the js client to expose the private route. Never trust client code for authorization…
Second, do not store secrets (like access tokens) in the local storage, see https://auth0.com/docs/security/store-tokens#don-t-store-tokens-in-local-storage or https://dev.to/rdegges/please-stop-using-local-storage-1i04
--
--
Written by Jorge C. Leitão59 Followers
·7 Following
Leveraging information asymmetry
Responses (3)
Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams