Are others using login-free trials with localStorage tokens?
digital authenticity, localstorage, jwt
The author implemented a 'try without signing up' flow for their side project, Spikelog, using localStorage tokens and wants to know about others' approaches.
Synthesized Answer
Based on 0 community responses
The author's login-free trial creates a guest user and stores a refresh secret in localStorage; on subsequent visits that secret is swapped for a JWT. This allows a seamless trial experience while maintaining some level of security. The downsides are that access is lost when localStorage is cleared and that the trial is limited to a single device.
Key Takeaways
Using a separate JWT keypair for guest users adds an extra layer of security
Rate limiting guest creation and hashing secrets are good security practices
Cleanup jobs will be necessary to handle abandoned guest accounts
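The server side of the flow summarized above, as an added sketch that is not Spikelog's code: the refresh secret is stored only as a hash, guest creation is rate limited per IP, and guest JWTs are signed with their own keypair so they cannot verify as user tokens. The function names, the Ed25519 choice, the in-memory maps, the 3-per-hour limit and the 15-minute lifetime are all assumptions.

```javascript
// Added example; every name and constant here is an assumption, not the project's code.
const nodeCrypto = require("node:crypto");

// Separate signing keypairs: a guest token never verifies under the user key.
const guestKeys = nodeCrypto.generateKeyPairSync("ed25519");
const userKeys = nodeCrypto.generateKeyPairSync("ed25519");

const guests = new Map();      // guestId -> SHA-256 of refresh secret (stand-in for a DB table)
const createdByIp = new Map(); // ip -> creation timestamps, for rate limiting
const MAX_GUESTS_PER_HOUR = 3; // assumed limit
const b64u = (x) => Buffer.from(x).toString("base64url");
const sha256 = (s) => nodeCrypto.createHash("sha256").update(s).digest();

function createGuest(ip, now = Date.now()) {
  const recent = (createdByIp.get(ip) || []).filter((t) => now - t < 3600_000);
  if (recent.length >= MAX_GUESTS_PER_HOUR) return null; // rate limited
  createdByIp.set(ip, [...recent, now]);
  const guestId = nodeCrypto.randomUUID();
  const secret = nodeCrypto.randomBytes(32).toString("base64url");
  guests.set(guestId, sha256(secret)); // only the hash is kept server-side
  return { guestId, secret };          // the client keeps both in localStorage
}

function signJwt(claims, privateKey) {
  const head = b64u(JSON.stringify({ alg: "EdDSA", typ: "JWT" }));
  const body = b64u(JSON.stringify(claims));
  const sig = nodeCrypto.sign(null, Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64u(sig)}`;
}

// The algorithm is fixed by the key type, so the token's "alg" header is never trusted.
function verifyJwt(token, publicKey, now = Date.now()) {
  const [head, body, sig] = String(token).split(".");
  if (!head || !body || !sig) return null;
  const ok = nodeCrypto.verify(null, Buffer.from(`${head}.${body}`), publicKey,
    Buffer.from(sig, "base64url"));
  if (!ok) return null;
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  return claims.exp * 1000 > now ? claims : null;
}

// Swap the refresh secret from localStorage for a short-lived guest JWT.
function refreshGuestJwt(guestId, secret, now = Date.now()) {
  const stored = guests.get(guestId);
  if (!stored || !nodeCrypto.timingSafeEqual(stored, sha256(String(secret)))) return null;
  const iat = Math.floor(now / 1000);
  return signJwt({ sub: guestId, role: "guest", iat, exp: iat + 900 }, guestKeys.privateKey);
}
```

Because a fast hash is used, the refresh secret must be a high-entropy random value as here, never something user-chosen.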