re: Securing Node.js RESTful APIs with JSON Web Tokens

Yes, I agree fully. For demo purposes, I've made the explanations and code examples as simple as possible. But, I'd always suggest only returning a vague message such as "The credentials you entered are incorrect."

The password reset you mentioned is also a very delicate matter. I would never risk having it any other way than through e-mail instructions.

Thanks for this feedback and I'm glad you liked the article. :)
