Secure authentication process and token management in Xano

In this meeting, Anthony raises a question about an issue he is facing while running his login process. He explains that the request history does not show up when he runs it from Xano, but it does show up when he runs it from another tool called Postman. He also explains the process of generating an authentication token and decrypting user information. However, Anthony is unsure about the purpose of the second user token and why it is being sent to the front end. The State Changer explains that the main authentication token should be used to identify the user and that the information from the token can be retrieved directly from the server without the need to send it to the front end. They suggest using separate tokens for specific purposes, such as a refresh token, and ensuring that sensitive information is not exposed on the front end. The State Changer advises against sending unnecessary information to the front end to minimize security risks. They also emphasize the importance of securing the server, the network, and the front end to mitigate vulnerabilities. The meeting ends with a check-in with Michael.

(Source: Office Hours 6/19 )

State Change Members Can View The Video Here

View This Video Now

Join State Change Risk-Free