# orm-help
s
I am testing it on my local cluster
h
so what is the point of security?
s
😄 I was thinking that it will expose everything, in the live server too :S
but how do I hide the token?
which is coming in the response
I mean to say that the token is going to be saved by the user, but everyone can see it and can use it
h
How, if you are using a secure connection?
s
it means it won't show anything in the browser or anywhere on the client side except my application when I use HTTPS?
h
you answered your question: it would be saved by the user if you want to do that
s
alright, thank you, I was confused when I saw the developer tools network tab and everything was there lol, I am still learning.
h
The client almost always needs this kind of data
👍 1
a
afaik this (even with SSL each client can theoretically access their tokens with an HTTP interceptor) is common in mobile apps and apps in general... this is how spam bots work iirc. A spam bot can be given authorization tokens generated from spam accounts, thus it is difficult to create new Google/Facebook accounts since they try to eliminate this by associating each account with a phone number, which costs more for spam bot operators to make spam accounts. But that is my understanding from running Twitter bots back in the day... things have maybe changed.