Daniel_Grosso | 2022-02-10 09:15:14 UTC | #1
Hi everyone.
Our client is having their contact center applications audited and the audit team is asking me why, on the Genesys Cloud Web Client, the user's JWT (or part of it, as it seems) is being stored in the browser's local storage (vulnerable to XSS) instead of Secure Cookies. Is there an explanation for this?
Thanks in advance.
Regards, Daniel
anon11147534 | 2022-02-11 17:48:40 UTC | #2
Hi Daniel,
Our API uses OAuth bearer tokens in the Authorization header, and that header can only be set by JavaScript, so JavaScript needs to access the token.
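
The trade-off behind the reply above, as an added example that is not part of the original thread and is not Genesys code: it models which token stores page script can read, and therefore which ones can feed an `Authorization: Bearer` header and are equally readable by injected script. The function names, the cookie name `t` and the token value are constructed for illustration.

```javascript
// Added example (constructed values, hypothetical names): which token stores
// can feed an "Authorization: Bearer" header that is set from page script.

// Parse one Set-Cookie header value into the attributes that matter here.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const flags = attrs.map((a) => a.split("=")[0].toLowerCase());
  return {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    secure: flags.includes("secure"),
    httpOnly: flags.includes("httponly"),
  };
}

// What page script can see: localStorage entries and cookies without HttpOnly.
function scriptVisibleToken(store) {
  if (store.kind === "localStorage") return store.value;
  if (store.kind === "cookie") {
    const c = parseSetCookie(store.setCookie);
    return c.httpOnly ? null : c.value;
  }
  throw new Error("unknown store kind: " + store.kind);
}

// Assess a store: can script build the bearer header, and is the token
// therefore also readable by injected script (XSS)?
function assess(store) {
  const token = scriptVisibleToken(store);
  return {
    store: store.label,
    authorizationHeader: token === null ? null : "Bearer " + token,
    readableByInjectedScript: token !== null,
  };
}

const TOKEN = "constructed-token-value"; // placeholder, not a real token
const STORES = [
  { label: "localStorage", kind: "localStorage", value: TOKEN },
  { label: "cookie; Secure", kind: "cookie", setCookie: `t=${TOKEN}; Path=/; Secure` },
  { label: "cookie; Secure; HttpOnly", kind: "cookie", setCookie: `t=${TOKEN}; Path=/; Secure; HttpOnly` },
];

const results = STORES.map(assess);
console.table(results);
```

Only the `HttpOnly` cookie is hidden from script, and it is also the only store from which the bearer header cannot be built; the `Secure` attribute alone restricts the cookie to HTTPS and does not change script access.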
system | 2022-03-14 17:49:34 UTC | #3
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.
This post was migrated from the old Developer Forum.
ref: 13540