Deal – Need BMF Token I can send Paytm/UPI | Proxies-free


openid connect – Does OIDC explicitly handle refresh token exchange for multiple devices?

This question is inspired by this answer and question

I also use that method to handle the case where users can sign in and out of multiple devices, by storing a per-device refresh token for a device id. I am making the assumption that various additional checks should be available to refresh token exchange: check IP for web apps, check device id for mobile apps, throttling etc.

I would have thought that OIDC somehow caters for the flows around multiple devices for a single user, but having tried to study the spec I can’t say I see it. Basically, my question is, does OIDC implicitly or explicitly address this stuff? Am I reading it right there is no support for this and that to handle it a custom non-OIDC approach is necessary?

node.js – Cannot parse to get the token

For some reason I cannot get the token from the localstorage in order to make the request, it says that there is no token. I am using cookie parser. I am trying to create a new category for my shop. It is not recognizing the token, although it is here.

here is my client:


import { useState } from 'react';
import { createCategory } from './api/category';
import isEmpty from 'validator/lib/isEmpty';
import { showErrorMsg, showSuccessMsg } from './helpers/message';
import { showLoading } from './helpers/Loading'

export default function AdminDashboard() {
const [category, setCategory] = useState('');
const [errorMsg, setErrorMsg] = useState('');
const [successMsg, setSuccessMsg] = useState('');
const [loading, setLoading] = useState(false);

const handleMessages= evt =>{

const handleCategoryChange = (evt) => {

const handleCategorySubmit = (evt) => {

    if (isEmpty(category)) {

        setErrorMsg('Please enter a category')
    } else {
        const data = { category }

            .then(response => {
            .catch(err => {



function ShowHeader() {
    return (
        <div className='bg-dark text-white py-4'>
            <div className='container'>
                <div className='row'>
                    <div className='col-md-6'>
                            <i className='fas fa-home'>   Dashboard</i>


function ShowActionBtns() {
    return (
        <div className='bg-light my-2'>
            <div className='container'>
                <div className='row pb-3'>
                    <div className='col-md-4 my-1 '>
                            className='btn btn-outline-info btn-block'
                            <i className=' fas fa-plus'>Add Category</i>
                    <div className='col-md-4 my-1 '>
                        <button className='btn btn-outline-danger btn-block'>
                            <i className=' fas fa-plus'>Add Products</i>
                    <div className='col-md-4 my-1 '>
                        <button className='btn btn-outline-success btn-block'>
                            <i className=' fas fa-plus'>Add Blog</i>




function ShowCategoryModal() {
    return (
        <div id='addCategoryModal' className='modal' onClick={handleMessages}>
            <div className='modal-dialog modal-dialog-centered modal-lg'>
                <div className='modal-content'>
                    <form onSubmit={handleCategorySubmit}>

                        <div className='modal-header bg-info text-white'>
                            <h5 className='modal-title'>Add Category</h5>
                            <button className='close' data-dismiss='modal'>
                                    <i className='fas fa-times'></i>

                        <div className='modal-body my-2'>
                            {errorMsg && showErrorMsg(errorMsg)}
                            {successMsg && showSuccessMsg(successMsg)}
                                loading ? (
                                    <div className='text-center'>{showLoading()}</div>
                                ) : (
                                        <label className='text-secondary'> Category</label>


                        <div className='modal-footer'>
                            <button data-dismiss='modal' className='btn btn-secondary'>Close</button>
                            <button className='btn btn-info' type='submit'>Submit</button>

return <div>

Here is my api file:

import axios from "axios"

export const createCategory = async (formData) => {
    const config = {
        headers: {
            'Content-Type': 'application/json'
        }
    };

    // POST the new category to the API
    const response = await axios.post('http://localhost:5000/api/category', formData, config);
    return response;
};


on the server side,

  here is my server.js : 
  const express=require('express');
  const app= express();
  const cors=require('cors');
  const connectDB= require('./database/db');
  const morgan= require('morgan');
  const authRoutes= require ('./routes/auth')
  const categoryRoutes = require ('./routes/category');
  const cookieParser = require('cookie-parser')

  app.use('/api/auth', authRoutes);
  app.use('/api/category', categoryRoutes);


  const port = process.env.PORT || 5000;

  app.listen(port, () => console.log(`Listening on port ${port}`));

  app.get('/', (req, res) =>{
  res.send(' hello server')
  });

here is my route file :

  const express = require('express');
  const router = express.Router();
  const categoryController = require('../routes/controllers/category');
  const { authenticatateJWT } = require('./middleware/authenticator');

  // The JWT check runs before the controller
  router.post('/', authenticatateJWT, categoryController.create);

  module.exports = router;

here is my controller:

    exports.create = (req, res) => {

      setTimeout(() => {
        res.json({
          successMessage: `${req.body.category} was created!`
        });
      }, 5000);
    };


here is my middleware:

    const jwt = require('jsonwebtoken');
    const { jwtSecret } = require('../../config/keys');

    exports.authenticatateJWT = (req, res, next) => {
      // The token is read from the request cookies only
      const token = req.cookies.token;

      if (!token) {
        return res.status(401).json({
          errorMessage: 'No token. Authorization denied',
        });
      }

      try {
        const decoded = jwt.verify(token, jwtSecret);

        req.user = decoded.user;
        next();
      } catch (err) {
        console.log('jwt error:', err)
        res.status(401).json({
          errorMessage: 'Invalid token',
        });
      }
    };
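
The middleware in the post above reads the token only from `req.cookies.token`, and a token kept in localStorage is never sent as a cookie. The following is an added example, not part of the original post: it makes the same two decisions as that middleware but reports where the token arrived. `SECRET`, `signHS256`, `verifyHS256`, `extractToken` and `authenticate` are hypothetical names, the tokens are constructed, and HS256 is checked with Node's built-in `crypto` rather than the `jsonwebtoken` package the post uses.

```javascript
// Added example: constructed secret and tokens; HS256 is verified with Node's
// built-in crypto instead of the jsonwebtoken package used in the post.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: stands in for jwtSecret
const b64u = (v) => Buffer.from(v).toString('base64url');
const mac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest('base64url');

// Builds a sample token for the constructed requests.
function signHS256(payload, secret) {
  const body = `${b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64u(JSON.stringify(payload))}`;
  return `${body}.${mac(body, secret)}`;
}

// Returns the payload, or null if the signature, algorithm or expiry is wrong.
function verifyHS256(token, secret) {
  const [h, p, sig] = String(token).split('.');
  if (!h || !p || !sig) return null;
  const expected = Buffer.from(mac(`${h}.${p}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(h, 'base64url')).alg !== 'HS256') return null;
    const payload = JSON.parse(Buffer.from(p, 'base64url'));
    if (payload.exp && payload.exp * 1000 < Date.now()) return null;
    return payload;
  } catch { return null; }
}

// Looks in the Cookie header first, then in Authorization: Bearer.
// JWTs are base64url plus dots, so the cookie value needs no URL-decoding.
function extractToken(headers) {
  const cookie = (headers.cookie || '').split(';').map((c) => c.trim().split('='))
    .find(([name]) => name === 'token');
  if (cookie) return { source: 'cookie', token: cookie.slice(1).join('=') };
  const bearer = /^Bearer (.+)$/.exec(headers.authorization || '');
  if (bearer) return { source: 'authorization', token: bearer[1] };
  return null;
}

// Same decisions as the post's middleware, returned as data instead of res.status().
function authenticate(headers, secret = SECRET) {
  const found = extractToken(headers);
  if (!found) return { status: 401, errorMessage: 'No token. Authorization denied' };
  const payload = verifyHS256(found.token, secret);
  if (!payload) return { status: 401, errorMessage: 'Invalid token' };
  return { status: 200, source: found.source, user: payload.user };
}
```

For a cross-origin axios call, the browser attaches cookies only when the request sets `withCredentials: true` and the server's CORS policy allows credentials; otherwise the request arrives with no `Cookie` header and takes the "No token" branch.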


kibana – Nginx redirect to kibana url if memcache token exists

I am making a call to nginx. From nginx I have to check whether memcache has a token: if it does, I want to redirect to Kibana; otherwise I will throw an error.

content_by_lua '
            local memcached = require "resty.memcached"
            local memc, err = memcached:new()
            if not memc then
                 ngx.say("failed to instantiate memc: ", err)
                 return
            end
            local ok, err = memc:connect("", 11211);
            if not ok then
               ngx.say("failed to connect: ", err)
               return
            end
            if ok then
                local args = ngx.req.get_uri_args();
                local tokenId = args.sid
                -- debug output: a redirect cannot be issued once body output has been sent
                ngx.say( "usettttr");
                local res = memc:get("user")
                if res then
                    -- Redirect to kibana url
                end

                if not res then
                     -- Return Error
                end
            end
';

authentication – Is it bad practice to use only one token for a SPA (no applications, only user)?

Say we have multiple instances of application X deployed on,,, etc. And we have a centralized server at serving all of these.

All the instances of X are static sites, that is, they do not have a server, and thus, they can’t proxy requests to endpoints.

Traditionally, in a same-site situation, HTTPOnly, secure cookies would’ve been used to store user sessions, but with the (necessary) death of third-party cookies, we can’t do that cross-site. So recently we have been debating about shifting to storing the session token or JWT in LocalStorage or in a cookie (using Javascript).

We understand the issues with XSS and CSRF involved, but we don’t understand how else to make authentication work cross-site. Our application instances are usually “control panels” where users log in to manage their data or other information regarding their organization. They are strictly user <-> server and there is no third-party application involved which might require some access_token.

I have read in a lot of places that storing tokens (JWTs) in LocalStorage is a bad idea. Other places ask you to avoid cookies since they are vulnerable to CSRF. And some places ask you to use id_token and access_token. So where are we supposed to store tokens then?

It’s quite confusing, and I seem to be missing something super obvious (or super complicated). Thanks for helping out!

This post encouraged me to post this question, but I don’t feel like the answer takes into account our cross-site use case:
OIDC – what is the point of two separate tokens – access and id?

Form API: Could not parse property path, Unexpected token


  • Drupal 9.1.4
  • symfony/property-access I think is on 5.2.0 (that’s the last version mentioned in the changelog)

I have a custom built form with some date and number fields, for example:

$form['calculator']['chargeable_consideration'] = [
  '#type' => 'number',
  '#min' => 0,
  '#step' => 0.01,
  '#required' => TRUE,
  '#size' => 13,
  '#attributes' => [
    'placeholder' => '£0.00',
  ],
  '#title' => $this->t('description text (£) <button class="tooltip-anchor" title="pop up text">?</button>'),
  '#prefix' => '<div class="form-group">',
  '#suffix' => '</div>',
];

I have validation checking the dates are within a range, but nothing to check the numbers.

If I use the numbers

  • 10000.85
  • 123456789.70
  • 1234567890

the form works as expected.

If I use the numbers

I get the following error

Symfony\Component\PropertyAccess\Exception\InvalidPropertyPathException: Could not parse property path "calculator][chargeable_consideration". Unexpected token "[" at position 11. in Symfony\Component\PropertyAccess\PropertyPath->__construct() (line 111 of vendor\symfony\property-access\PropertyPath.php).
Symfony\Component\PropertyAccess\PropertyAccessor->getPropertyPath('calculator][chargeable_consideration') (Line: 120)
Symfony\Component\PropertyAccess\PropertyAccessor->getValue(Array, 'calculator][chargeable_consideration') (Line: 406)
Drupal\custom_form\Form\CustomForm->validateForm(Array, Object)
call_user_func_array(Array, Array) (Line: 82)

How do I prevent it from throwing this exception?

web application – Does API access token that only have access to public information need to be kept secret?

I found an Instagram Basic Display API access token leaked on a website. This token belongs to an Instagram marketing account of this website. Using my leet investigating skill, below is the information I have.

  • This token has 3 months valid period
  • This token is in use (I see it was refreshed last week when its validity period was about to end), although I cannot find where it is used
  • This token is a User Access Token for querying data from the Basic Display API. Doc here:
  • This access token only has read access to public information 🙁
  • This token will be temporarily rate limited if using too much

Do you know of any impact I can do with this access token other than rate limiting it?

Also, if this token needs to be kept secret, how can we protect it?