5. Server validates signature and timestamp
The security issue is in step 1. WebCrypto can generate non-extractable private keys and store them in IndexedDB. However, this assumes no malicious code flips the “extractable” flag before the pair is generated. So this strategy is trust-on-first-use.
[0] - https://chromestatus.com/feature/5097603234529280
[1] - https://github.com/kevlened/prevent-exfiltration/blob/main/i...
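
The key handling and the server check from step 5, as an added example that is not part of the original comment or of the linked project. It assumes ECDSA P-256, a 30-second freshness window, and hypothetical function names; the steps between key generation and validation are not on this page, so the exchange is constructed. The `extractable` check only confirms the result after generation, so the trust-on-first-use limit described above still applies.

```javascript
// Added example (constructed). Runs in Node or a browser console.
const subtle = (globalThis.crypto ?? require('node:crypto').webcrypto).subtle;
const ALG = { name: 'ECDSA', namedCurve: 'P-256' }; // assumed algorithm
const SIG = { name: 'ECDSA', hash: 'SHA-256' };
const MAX_SKEW_MS = 30_000; // assumed freshness window
const enc = (s) => new TextEncoder().encode(s);

// Client: generate the pair with extractable=false and refuse to go on
// if the resulting private key does not report that.
async function createDeviceKey() {
  const pair = await subtle.generateKey(ALG, false, ['sign', 'verify']);
  if (pair.privateKey.extractable) throw new Error('private key is extractable');
  return pair; // in a browser, these CryptoKey objects can be put in IndexedDB
}

// Client: sign the current timestamp with the non-extractable key.
async function signTimestamp(privateKey, now = Date.now()) {
  const ts = String(now);
  return { ts, sig: await subtle.sign(SIG, privateKey, enc(ts)) };
}

// Server: validate the signature and the timestamp.
async function serverValidate(publicJwk, { ts, sig }, now = Date.now()) {
  const pub = await subtle.importKey('jwk', publicJwk, ALG, true, ['verify']);
  const sigOk = await subtle.verify(SIG, pub, sig, enc(ts));
  const fresh = Math.abs(now - Number(ts)) <= MAX_SKEW_MS;
  return sigOk && fresh;
}

async function runDemo() {
  const { privateKey, publicKey } = await createDeviceKey();
  const publicJwk = await subtle.exportKey('jwk', publicKey); // sent to server
  // Exporting the private key must fail for a non-extractable key.
  const exportBlocked = await subtle.exportKey('pkcs8', privateKey)
    .then(() => false, () => true);
  const msg = await signTimestamp(privateKey);
  const accepted = await serverValidate(publicJwk, msg);
  // The same message presented well outside the window is refused.
  const late = Date.now() + 10 * MAX_SKEW_MS;
  const staleRejected = !(await serverValidate(publicJwk, msg, late));
  // A changed timestamp no longer matches the signature.
  const forged = { ts: String(Number(msg.ts) + 1), sig: msg.sig };
  const tamperRejected = !(await serverValidate(publicJwk, forged));
  return { exportBlocked, accepted, staleRejected, tamperRejected };
}

runDemo().then((result) => console.log(result));
```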