TechQA.

What's the point of using octokit/core.js in a browser if storing access tokens in it is not secure?

463 views Asked by At

The documentation of octokit/core.js shows examples of using the module in the browser but doesn't show how the token was acquired or where it is stored. So, I assume the token is readily available in the browser.

If storing tokens in the browser is not secure then is there any use case where accessing GitHub API using a browser is valid?

javascript github github-api octokit-js
Original Q&A
1

There are 1 answers

4
idiglove On

I couldn't find a way to get the token from octokit. I followed the Github Web app flow - https://docs.github.com/en/developers/apps/building-oauth-apps/authorizing-oauth-apps#web-application-flow

What I did was store token in browser as a httpOnly cookie, then pass to my nodejs server to call Github APIs

Related Questions in JAVASCRIPT

Related Questions in GITHUB

Related Questions in GITHUB-API

Related Questions in OCTOKIT-JS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions