Security Best Practices

  1. Use PKCE: Ensure that you use Proof Key for Code Exchange (PKCE) to secure your authorization code flow.

  2. Validate State and Nonce: Always validate the state parameter on the callback (against CSRF) and the nonce in the ID token (against replay of a previously issued token).

  3. Store Tokens Securely: Store tokens securely in your application, preferably in secure HTTP-only cookies.

  4. Use Tested Libraries: Instead of using the helper functions from this code, use battle-tested libraries for handling PKCE, state, nonce, parsing JWTs, etc.
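The following is an added example, not code from the original page: it shows what points 1 and 2 amount to in practice, PKCE S256 verifier/challenge generation and verification as RFC 7636 specifies, plus single-use state and nonce checks with constant-time comparison. The `session` dict stands in for whatever server-side session store the application uses (an assumption for the example).

```python
import base64
import hashlib
import secrets

# Added example (not the page's own helpers): PKCE S256 and state/nonce
# handling as RFC 7636 and OpenID Connect Core describe them.


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    # 32 random bytes -> 43 base64url characters, the RFC 7636 minimum
    return b64url(secrets.token_bytes(nbytes))


def make_code_challenge(verifier: str) -> str:
    # S256: BASE64URL(SHA256(ASCII(code_verifier)))
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_pkce(verifier: str, stored_challenge: str) -> bool:
    """Authorization-server side: token endpoint checks the verifier."""
    if not 43 <= len(verifier) <= 128:
        return False
    return secrets.compare_digest(make_code_challenge(verifier), stored_challenge)


def new_random_value() -> str:
    # state and nonce: unguessable, saved in the session before redirecting
    return b64url(secrets.token_bytes(32))


def validate_state(session: dict, returned_state) -> bool:
    """Client side: callback state must match the session copy; single use."""
    expected = session.pop("oauth_state", None)  # consume so it cannot be reused
    if expected is None or not isinstance(returned_state, str):
        return False
    return secrets.compare_digest(expected, returned_state)


def validate_nonce(session: dict, id_token_claims: dict) -> bool:
    """Client side: ID token nonce must equal the one sent in the request."""
    expected = session.pop("oidc_nonce", None)
    got = id_token_claims.get("nonce")
    if expected is None or not isinstance(got, str):
        return False
    return secrets.compare_digest(expected, got)
```

The ID token's signature, issuer, audience and expiry must also be verified before its nonce claim is trusted; that is the part a maintained library (point 4) should do.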
