I am about to start developing a business application where I want the interface to be the only JavaScript solution. The backend is provided as a REST API. How can I safely access the REST API from the JavaScript interface?
I have already started developing OAuth 2.0 in my REST API, and I already know about the "Implicit grant flow", which is the recommended flow for JavaScript clients. The problem is that this stream should only provide short-circuited tokens (maybe 1 hour?).
Users of my system will usually register in the morning and work in the application all day (8 hours) and log out before leaving work, but if the access token lives only for an hour, they will have to register each time; it is incompatible. How do you solve this?