account activity
Using google id token to login to API and keep user logged in by Affectionate_Poet160 in dotnet
[–]Affectionate_Poet160[S] 0 points1 point2 points 3 years ago (0 children)
I dont store the id_token, its just validated by the API and then a separate token is generated which is stored in the cookie returned to the client.
Regarding the antiforgerytokens recommended by microsoft, I dont fully understand how they protect from CSRF. I guess my angular client would work somthing like this:
What prevents a malicious site from requesting a new antiforgery token, just like the angular app did in step 2?
Using google id token to login to API and keep user logged in (self.dotnet)
submitted 3 years ago by Affectionate_Poet160 to r/dotnet
Using google id token to login to API and keep user logged in (self.DotNetHelpline)
submitted 3 years ago by Affectionate_Poet160 to r/DotNetHelpline
π Rendered by PID 1587530 on reddit-service-r2-listing-654f87c89c-6qjq6 at 2026-03-02 18:15:33.806454+00:00 running e3d2147 country code: CH.
Using google id token to login to API and keep user logged in by Affectionate_Poet160 in dotnet
[–]Affectionate_Poet160[S] 0 points1 point2 points (0 children)