Securing User Sessions #2363
Unanswered
sg-qdelacluyse asked this question in Q&A
I'm really happy with all of the work and thought that has gone into this project. It's exciting to have Google backing this.
One security concern I'm trying to address is protecting user session data. Here's the example:
Let's say I implement ADK as an OAuth Resource server and protect it using Bearer Token auth and an IdP. However, if that user creates a session, that session would be accessible by other authenticated users, correct?
Of course I can implement middleware to validate that the user has in fact visited only sessions that they belong to, but how can I be sure that I've implemented the middleware on all the correct routes that could leak data between users? Any guidance or thoughts here would be greatly appreciated!
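One way to approach the route-coverage question above, as an added example that is not part of the original post or ADK's own code: a default-deny check that binds the `user_id` path segment to the validated token's subject, plus an audit that lists routes with no owner binding. The route templates, `PUBLIC`, and all function names are hypothetical, and the sketch assumes the bearer token was already validated upstream and that its `sub` claim is used as the session `user_id`.

```python
import re

# Hypothetical route templates (assumption: NOT taken from ADK's real route table).
ROUTES = [
    "/health",
    "/apps/{app}/users/{user_id}/sessions",
    "/apps/{app}/users/{user_id}/sessions/{session_id}",
    "/apps/{app}/sessions/{session_id}/events",  # session data, no owner in the path
]
PUBLIC = {"/health"}  # explicit allowlist of routes that expose no user data


def compile_route(template):
    """Turn '/a/{x}/b' into a regex with one named group per path parameter."""
    parts = re.split(r"\{(\w+)\}", template)
    # Even indexes are literal text, odd indexes are parameter names.
    body = "".join(
        re.escape(p) if i % 2 == 0 else f"(?P<{p}>[^/]+)"
        for i, p in enumerate(parts)
    )
    return re.compile(body)


def unguarded_routes(routes=ROUTES, public=PUBLIC):
    """Audit: routes that are neither allowlisted nor bound to an owner."""
    return [r for r in routes if r not in public and "{user_id}" not in r]


def authorize(path, token_sub, routes=ROUTES, public=PUBLIC):
    """Default deny: allow public routes, or paths whose user_id == token subject."""
    for template in routes:
        match = compile_route(template).fullmatch(path)
        if match is None:
            continue
        if template in public:
            return True
        owner = match.groupdict().get("user_id")
        # A matched route without a user_id segment cannot be tied to the caller.
        return owner is not None and owner == token_sub
    return False  # unknown path: deny rather than fall through


if __name__ == "__main__":
    print("routes needing an owner binding:", unguarded_routes())
    print(authorize("/apps/demo/users/alice/sessions/s1", "bob"))
```

Running `unguarded_routes()` as a CI test over the application's real route table turns "did I cover every route?" into a failing build whenever a new route lacks an owner binding. The path check only proves the requested `user_id` is the caller's; the session store still has to look sessions up by both `user_id` and `session_id`.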