codingaway

Reputation: 1

Spring OAuth2 - Passing token in Authorization: Bearer

I am passing an OAuth2 token in the request header as Authorization: Bearer. But if you use, for example, Chrome developer tools, you can see the token and basically copy it and use it to call our services. How can I prevent/hide the token so it does not show in developer tools?

Upvotes: 0

Views: 627

Answers (1)

Dave Syer

Reputation: 58124

Developer tools are not designed to hide any data (e.g. you can use them to send cookies as well). So if you don't trust your users then don't issue tokens that can be used from an arbitrary client.

Upvotes: 2
