Using Passport.js and Redis:

- [ ] authenticate a user's credentials against the local database
- [ ] store a JWT in a Redis whitelist with an expiration time on the entry

Pick token storage method:

- [ ] use a Same-Site, HTTP-Only, Secure, `__Host-`-prefixed cookie -- CSRF issues, needs nonce
- [ ] use Authorization headers and localStorage -- XSS concerns but little to no CSRF issues
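The whitelist and cookie items above, as an added example (not code from the original checklist). An in-memory `Map` stands in for Redis and Node's `crypto` stands in for a JWT library; the function names, the cookie name `session`, the 900-second TTL and `SameSite=Strict` are assumptions.

```javascript
// Added example. `allowlist` is an in-memory stand-in for Redis (SET ... EX / GET / DEL).
// All names and values below are assumptions, not taken from the checklist.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed; load from a secret store in practice
const TTL_SECONDS = 900;
const allowlist = new Map(); // jti -> { sub, expiresAt }

const b64u = (v) => Buffer.from(v).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Call after the credential check succeeds: mint the JWT and allowlist its jti.
function issueToken(sub, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const jti = crypto.randomUUID();
  const body = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' })) + '.' +
    b64u(JSON.stringify({ sub, jti, iat, exp: iat + TTL_SECONDS }));
  allowlist.set(jti, { sub, expiresAt: now + TTL_SECONDS * 1000 }); // Redis: SET jti sub EX 900
  return `${body}.${sign(body)}`;
}

// Accept a token only if the signature, exp and the allowlist entry all check out.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [h, p, sig] = parts;
  const expected = Buffer.from(sign(`${h}.${p}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url'));
    claims = JSON.parse(Buffer.from(p, 'base64url'));
  } catch { return null; }
  if (header.alg !== 'HS256' || claims.exp * 1000 <= now) return null;
  const entry = allowlist.get(claims.jti); // Redis: GET jti (gone once the TTL fires)
  if (!entry || entry.expiresAt <= now || entry.sub !== claims.sub) return null;
  return claims;
}

// Logout or forced revocation: delete the entry (Redis: DEL jti).
const revoke = (claims) => allowlist.delete(claims.jti);

// Cookie option: the __Host- prefix requires Secure, Path=/ and no Domain attribute.
const sessionCookie = (token) =>
  `__Host-session=${token}; Path=/; Secure; HttpOnly; SameSite=Strict; Max-Age=${TTL_SECONDS}`;
```

Because `verifyToken` consults the whitelist on every request, deleting the entry invalidates a token whose signature and `exp` are still valid.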