如何安全保存Facebook响应令牌到React应用程序?

问题描述 投票:2回答:1

我正在使用facebook登录开发一个React应用程序,登录成功后,facbook返回用户当前管理器的页面列表,包括令牌。我将在我的应用程序中使用这些令牌。这是我要保存的响应:

[
 {
   // page 1
   access_token: "this_is_token",
   category: "Community",
   id: "461787374317076",
   name: "page_name",
   ......
 },
 {
   // page 2
 },
 ....// other pages
]

但我不知道如何在我的应用程序中保存此响应以确保安全性。最安全的保存? Redux状态(不安全),Redux商店?饼干? localStorage的?还是内存?

在我的应用程序中,我会多次使用这些令牌,所以我认为应该将它们发送到Redux商店,但它是否安全?

非常感谢你!

reactjs token
1个回答
0
投票

您收到的令牌内没有密码。 你是说你能把它存放在哪里? 我们现在使用的网站(stackoverflow)也将该令牌存储在本地存储enter image description here

您可以在此图片中看到他们将令牌存储在localstorage中。

is it safe ?
Yes as it do not have any important data like password or credit card number. More over if you as user have this token on your computer then you will not give this string to some other people to access your account (it is like you are giving somebody your password which is not developers fault) and this string is too large that no other can create acceptable string by own.
redux / cookies / localstorage ? The way I use it is . On signIn/signUp I will set it in localstorage and request headers and after refresh i will check first if token is present in localstorage or not if yes then will need to set headers again as on refresh they will lost.

By axios you can easily set headers like this. Then on server you need to get headers from request and verify your token. 
import axios from 'axios'

export default function setAuthToken(token){

    if(token){
        axios.defaults.headers.common['autherization'] = `Bearer ${token}`
    }
    else{
        delete axios.defaults.headers.common['autherization']
    }
}
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.