@Diegoa87 - You got it all mixed up.
A CSRF token is a unique, secret, unpredictable value that is generated by the server-side application and transmitted to the client in such a way that it is included in a subsequent HTTP request made by the client. When the later request is made, the server-side application validates that the request includes the expected token and rejects the request if the token is missing or invalid. It is not needed for GET requests. It is not a form of authenticating or authorizing a user. It is a form of validating a request. A CSRF token is added to protect against CSRF attacks. And then there is something called SSRF.
Token-Based Authentication - This is irrespective of the type of request. It is to authenticate whether the user is a valid user or not.
Authorization - This is to make sure that the requesting user has sufficient privilege to access a protected resource.
My question is if token authentication does not need the CSRF tokens or are they passed automatically by React? Thanks in advance.
As far as I know, tokens are passed in the header and this is for every request (GET, POST, PUT, DELETE).
A CSRF token is added in an HTML form primarily for POST, PUT, DELETE. Something that can alter the state of a resource on the server.
Hope this makes sense.
I am no expert in React but nothing is passed automatically. You have to add tokens in the header of your request.
A CSRF token is tied to a request.
Tokens/JWT tokens are tied to a user making the request.
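
An added example, not part of the original post: a minimal server-side sketch of the two checks described above, showing that the bearer token answers "which user is this?" on every request while the CSRF token validates a state-changing request. It assumes a cookie-session path next to the header-token path; `API_TOKENS`, the `X-CSRFToken` header name, `handle` and the session ids are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)              # per-process secret (constructed)
API_TOKENS = {"tok-alice-constructed": "alice"}   # constructed token -> user table
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}         # methods that must not change state


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Server generates an unpredictable value bound to one session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def csrf_token_valid(session_id: str, token) -> bool:
    """Reject a missing token, a forged token, or one issued to another session."""
    nonce, _, mac = (token or "").partition(".")
    expected = _mac(session_id, nonce)
    return bool(mac) and hmac.compare_digest(mac.encode(), expected.encode())


def handle(method: str, headers: dict, session_id=None) -> int:
    """Return the HTTP status for a constructed request.

    session_id stands for the id taken from an already verified session cookie
    (assumption); None means the request carried no session cookie.
    """
    auth = headers.get("Authorization", "")
    if auth.startswith("Bearer "):
        # Token authentication: client code must attach this header itself,
        # on every request, whatever the method.
        return 200 if auth[len("Bearer "):] in API_TOKENS else 401
    if session_id is None:
        return 401                                # nothing identifies a user
    # Cookie session: the user is known, so validate the request itself
    # before allowing anything that alters server state.
    if method not in SAFE_METHODS:
        if not csrf_token_valid(session_id, headers.get("X-CSRFToken")):
            return 403
    return 200
```

A 401 here means the user could not be identified, and a 403 means the user is known but the request did not carry the token the server issued for that session.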