web-security

gdeer81 2017-02-27T16:39:03.000004Z

There was a question in the luminus channel about an "uncomplicated" solution for authentication in single page applications. The last two comments were that JWT is generally accepted and that JWT might not be secure.

gdeer81 2017-02-27T16:42:04.000005Z

Since this was the person's first SPA, I'm sure he googled "SPA authentication" or "Clojure webapp authentication" and obviously didn't get any satisfying results, so if we actually decide on a "best solution" for this, we also need to ensure that it is the first result in a Google search for Clojure webapp authentication.

gdeer81 2017-02-27T16:46:22.000006Z

I searched for "Clojure SPA Authentication" and the first result was a blog post talking about multiple OAuth entry points in single-page apps, and the second and third results are the friend library and the buddy-auth library, because Google removed "spa" from the search terms. The 7th result was a blog post that he mentioned when he asked the question in the channel.

gdeer81 2017-02-27T16:48:25.000007Z

This post, https://juxt.pro/blog/posts/securing-your-clojurescript-app.html, which looks a bit complicated to a beginner.