Is it permissible to use multiple JWT tokens in the HTTP header?

Currently, I have implemented the JWT access and refresh token pattern for client-server communication. The method involves sending two JWT tokens in the header: the access token and the refresh token. This is done by adding the following code to the header:

'Authorization': 'Bearer ' + user.accessToken + ' ' + user.refreshToken

On the server side, I split the request authorization header in order to separate the access token and refresh token. Although this method works for me, I am concerned about its security implications. As a beginner in fetching/auth practices, I want to ensure that I am following recommended security standards. While I understand that my approach may deviate from the norm of using 'Bearer', it has been effective so far. Since I am not integrating with OAuth2 and implementing authentication independently, I would like to continue using this solution if there are no significant security risks associated with it.

Answer №1

"I have implemented a unique access and refresh token strategy"

I apologize, but that statement is incorrect. The method you are using for token management is inefficient, insecure, and ultimately does not provide any benefits. Here's why:

The purpose of the access token is to allow third-party services to authenticate the user.

The purpose of the refresh token is to enable users to generate a new set of access/refresh tokens at any time.

Here's what you're doing wrong:

  1. You are essentially giving both access and refresh tokens to any third party, which means a malicious entity could use the refresh token to maintain control over the user in their system indefinitely by constantly updating their own access token.
  2. You are unnecessarily doubling the size of the token added to the header, creating larger request headers. This exacerbates the issue since normally the refresh token is almost as large as the access token.
  3. Overall, there is no clear benefit to this approach. What exactly do you gain from it?
