You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This has been bugging me for sometime as I have limited knowledge on cyber security especially athentication. I am not sure whether this is the place to ask, but I'll put it here anyway since you guys are pretty responsive. When a user is athenticated, then the browser have access to the user object with keys like username, userPoolId and attributes. This object can be examined easily in React DevTools.
Then there is this storage key in the user object. It contains other users idToken, refreshToken, accessToken. Is it safe for such values to be exposed? Can other users' account get hijacked or jeopardised by knowing such values?
The text was updated successfully, but these errors were encountered:
This has been bugging me for sometime as I have limited knowledge on cyber security especially athentication. I am not sure whether this is the place to ask, but I'll put it here anyway since you guys are pretty responsive. When a user is athenticated, then the browser have access to the
user
object with keys likeusername
,userPoolId
andattributes
. This object can be examined easily in React DevTools.Then there is this
storage
key in theuser
object. It contains other users idToken, refreshToken, accessToken. Is it safe for such values to be exposed? Can other users' account get hijacked or jeopardised by knowing such values?The text was updated successfully, but these errors were encountered: