Work on blog.

2016-08-26 17:47:11 +02:00 · 2016-08-26 17:47:11 +02:00 · 46de95ea2b
commit 46de95ea2b
parent a438d0793b
1 changed files with 9 additions and 1 deletions
--- a/etc/blog.md
+++ b/etc/blog.md
@ -457,6 +457,14 @@ Token based authentication schema's became immensely popular in recent times, as
 4. Reduced load on authorization server
 5. No need for distributed session store

+Some trade-offs have to be made with this approach:
+
+1. More vulnerable to XSS attacks
+2. Access token can contain outdated authorization claims (e.g when some of the user privileges is revoked)
+3. Access tokens can grow in size in case of increased number of claims
+4. File download API can be tricky to implement
+
+
 In this article we'll explain approach where JWT's are used for token based authentication.

 Authentication flow is very simple: