
Stolen JWT #10128


fgonzalez created

Hi

  • My product version: v9.3.0
  • My product type: Angular
  • My framework type: .net core

I need help regarding JWT. A customer reported a possible security risk of sending the token over HTTP or HTTPS, with the possibility that the token could be stolen.

Questions:

  • Is it possible with the ABP to use an alternative mechanism to transmit session tokens or some more secure way?
  • What mechanisms does ABP have to prevent user access or API calls with a stolen token?

Best regards.


2 Answer(s)
  • ismcagdas created
    Support Team

    Hi @fgonzalez

    Is it possible with the ABP to use an alternative mechanism to transmit session tokens or some more secure way?

    AspNet Zero doesn't provide any alternative approach. Using HTTPS should work for you.

    What mechanisms does ABP have to prevent user access or API calls with a stolen token?

    AspNet Zero doesn't implement token invalidation, but you can easily implement it by creating a new table which will contain invalid tokens and checking it here

  • fgonzalez created

    Thanks for the reply @ismcagdas
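
The invalid-token table suggested in the support answer above can be consulted on every request from the ASP.NET Core JWT bearer handler's `OnTokenValidated` event. The following is an added example, not part of the original thread and not AspNet Zero's own code: `IRevokedTokenStore`, `InMemoryRevokedTokenStore` and `RevocationCheck` are hypothetical names, the in-memory dictionary stands in for the database table, and tokens are assumed to carry a `jti` claim.

```csharp
using System;
using System.Collections.Concurrent;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical abstraction over the "invalid tokens" table from the answer.
public interface IRevokedTokenStore
{
    void Revoke(string jti, DateTimeOffset tokenExpiry);
    bool IsRevoked(string jti);
}

// In-memory stand-in; a real deployment would back this with a shared table or cache.
public sealed class InMemoryRevokedTokenStore : IRevokedTokenStore
{
    // Matches the default TokenValidationParameters.ClockSkew of five minutes.
    private static readonly TimeSpan Skew = TimeSpan.FromMinutes(5);
    private readonly ConcurrentDictionary<string, DateTimeOffset> _revoked =
        new ConcurrentDictionary<string, DateTimeOffset>();

    public void Revoke(string jti, DateTimeOffset tokenExpiry) => _revoked[jti] = tokenExpiry;

    public bool IsRevoked(string jti)
    {
        if (!_revoked.TryGetValue(jti, out var expiry)) return false;
        // Keep the entry until lifetime validation alone would reject the token.
        if (expiry + Skew > DateTimeOffset.UtcNow) return true;
        _revoked.TryRemove(jti, out _);
        return false;
    }
}

public static class RevocationCheck
{
    // Assumed wiring in ConfigureServices:
    //   services.AddSingleton<IRevokedTokenStore, InMemoryRevokedTokenStore>();
    //   inside AddJwtBearer(options => ...), replacing any events already set:
    //   options.Events = new JwtBearerEvents { OnTokenValidated = RevocationCheck.OnTokenValidated };
    public static Task OnTokenValidated(TokenValidatedContext context)
    {
        var store = context.HttpContext.RequestServices.GetRequiredService<IRevokedTokenStore>();
        var jti = context.Principal?.FindFirst("jti")?.Value;
        // Fail closed: a token without a jti cannot be looked up, so reject it too.
        if (string.IsNullOrEmpty(jti) || store.IsRevoked(jti))
            context.Fail("Token is revoked or carries no jti claim.");
        return Task.CompletedTask;
    }
}
```

Call `Revoke` with the token's `jti` and `exp` values wherever the application ends a session, such as logout or a password change.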