<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Using implicit grant on frontend web app, where to safely store access code? in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Using-implicit-grant-on-frontend-web-app-where-to-safely-store/m-p/211440#M10629</link>
    <description>&lt;P&gt;The &lt;A href="https://github.com/dropbox/dropbox-sdk-js" target="_self"&gt;API v2 Dropbox JavaScript SDK&lt;/A&gt;&amp;nbsp;does not handle access token storage automatically. It is left to the developer to decide what makes sense for their app/platform.&lt;/P&gt;</description>
    <pubDate>Mon, 13 Mar 2017 19:11:59 GMT</pubDate>
    <dc:creator>Greg-DB</dc:creator>
    <dc:date>2017-03-13T19:11:59Z</dc:date>
    <item>
      <title>Using implicit grant on frontend web app, where to safely store access code?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Using-implicit-grant-on-frontend-web-app-where-to-safely-store/m-p/210436#M10499</link>
      <description>&lt;P&gt;Sorry I'm still quite new to web development, but it seems like I wouldn't be able to save the access code into an httponly cookie. I've read that Angular has a way of sending cookies for requests that are only coming from my domain, which would deal with CSRF while the httponly deals with XSS.&lt;/P&gt;
&lt;P&gt;&lt;A href="https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage" target="_blank"&gt;https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;Therefore, is the way to maintain the user session, and keep them logged in across multiple sessions, to save it into localStorage? Is this right or is there another way?&lt;/P&gt;
&lt;P&gt;If I do save it into localStorage, I would need to be very careful about XSS attacks, particularly code libraries that could be potentially compromised?&lt;/P&gt;
&lt;P&gt;Any advice, even just a good article for reference, would be greatly appreciated!&lt;/P&gt;</description>
      <pubDate>Wed, 29 May 2019 09:25:04 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Using-implicit-grant-on-frontend-web-app-where-to-safely-store/m-p/210436#M10499</guid>
      <dc:creator>cloudlife</dc:creator>
      <dc:date>2019-05-29T09:25:04Z</dc:date>
    </item>
    <item>
      <title>Re: Using implicit grant on frontend web app, where to safely store access code?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Using-implicit-grant-on-frontend-web-app-where-to-safely-store/m-p/210787#M10555</link>
      <description>We're happy to help with any issues or questions you have regarding the Dropbox API itself, but we can't offer app security advice. If you have any security questions, you should consult with a security professional.&lt;BR /&gt;&lt;BR /&gt;That said, using local storage sounds like a reasonable solution in your case, but I can't speak to the security aspects.</description>
      <pubDate>Thu, 09 Mar 2017 18:28:10 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Using-implicit-grant-on-frontend-web-app-where-to-safely-store/m-p/210787#M10555</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2017-03-09T18:28:10Z</dc:date>
    </item>
    <item>
      <title>Re: Using implicit grant on frontend web app, where to safely store access code?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Using-implicit-grant-on-frontend-web-app-where-to-safely-store/m-p/211320#M10610</link>
      <description>Thanks for the reply! Would I be able to ask you about how the Dropbox JavaScript SDK handles secure storage of the access code? Or is that left to the developer? Thanks again 🙂</description>
      <pubDate>Mon, 13 Mar 2017 04:25:01 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Using-implicit-grant-on-frontend-web-app-where-to-safely-store/m-p/211320#M10610</guid>
      <dc:creator>cloudlife</dc:creator>
      <dc:date>2017-03-13T04:25:01Z</dc:date>
    </item>
    <item>
      <title>Re: Using implicit grant on frontend web app, where to safely store access code?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Using-implicit-grant-on-frontend-web-app-where-to-safely-store/m-p/211440#M10629</link>
      <description>&lt;P&gt;The &lt;A href="https://github.com/dropbox/dropbox-sdk-js" target="_self"&gt;API v2 Dropbox JavaScript SDK&lt;/A&gt;&amp;nbsp;does not handle access token storage automatically. It is left to the developer to decide what makes sense for their app/platform.&lt;/P&gt;</description>
      <pubDate>Mon, 13 Mar 2017 19:11:59 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Using-implicit-grant-on-frontend-web-app-where-to-safely-store/m-p/211440#M10629</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2017-03-13T19:11:59Z</dc:date>
    </item>
  </channel>
</rss>

