Topics include:<ul><li>What JSON Web Tokens are and how to use them to authenticate users</li><li>Strategies for invalidating stateless API tokens</li><li>Using cookie and session authentication</li><li>Using authentication-as-a-service solutions like Auth0</li><li>Proxying requests to your API to simplify CORS issues</li><li>Protecting against XSS attacks</li></ul>Sponsors:<ul><li><a href="https://cloudinary.com/users/register/free?utm_source=fullstackradio&amp;utm_medium=Sponsored_Podcast&amp;utm_content=fullstackradio_PodCast">Cloudinary</a>, sign up and get 300,000 images/videos, 10GB of storage and 20GB of monthly bandwidth for free</li><li><a href="https://rollbar.com/fullstackradio">Rollbar</a>, sign up at https://rollbar.com/fullstackradio to try their Bootstrap Plan free for 90 days</li></ul>Links:<ul><li><a href="https://jwt.io/">JSON Web Tokens</a></li><li><a href="https://ryanchenkie.com/securing-angular-applications/">Securing Angular Applications</a>, Ryan's book</li><li><a href="https://securityheaders.com/">Security Headers scanning tool</a></li><li><a href="https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5">"I’m harvesting credit card numbers and passwords from your site. Here’s how."</a></li><li>https://auth0.com/</li><li><a href="https://twitter.com/adamwathan/status/1035506251713544193">"CORS is bad for performance"</a> Twitter thread</li></ul>

In this episode Adam talks to Ryan Chenkie of Angularcasts about authentication strategies and security best practices when building client-side applications with frameworks like React, Vue, Angular, or Ember.

Full Stack Radio

98: Ryan Chenkie - Securing Single Page Applications