Hi Team,
We are planning to use Identity server for our company's authentication and authorization. My company's security analyst has the following questions.
1. He said that, as part of security (GDPR), we should not store the JWT token in cookies because it is vulnerable to CSS (cross-site scripting) or CSRF (cross-site request forgery).
2. Is it possible to avoid cookies in Identity server?
3. What security measures do we need to have if we have to use cookies?
OAUTH-Identity server4-JWT cookie issue