Ben Hammond 08:09:58

What is considered best practise for secure handling of AWS id_tokens within a CLJS app? AWS (unhelpfully) says
> Important
> We strongly recommended that you secure all tokens in transit and storage in the context of your application.

But without much guidance about how to go about doing that...
the CLJS app
• receives an id_token from a pedestal datomic ions back-end
• needs to present this id_token within an HTTP header upon every REST call

which implies keeping it with a state variable or in Browser local storage
How can I do better than that? (It's not like I'm working with super sensitive data...)