Great article! And an even better discussion in the comments. I have a question regarding a topic Balmes lightly mentioned in his comment. When you want to make HTTP request to multiple backends the cookie with HttpOnly will refuse to be sent to another server then where it came from. How do you go about solving the issue with sending the JWT to several backends in a secure manner? Would you proxy the calls through the backend it was created thus taking a small performance hit?
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Great article! And an even better discussion in the comments. I have a question regarding a topic Balmes lightly mentioned in his comment. When you want to make HTTP request to multiple backends the cookie with HttpOnly will refuse to be sent to another server then where it came from. How do you go about solving the issue with sending the JWT to several backends in a secure manner? Would you proxy the calls through the backend it was created thus taking a small performance hit?