Hey Ladies and Gentlemen,
I'm planning on creating my first React Native (mobile) application and cannot find a secure and easy solution for the authentication.
So let's assume I make a horse-racing app and at the horse-racing track (the place where the horses run) the users can choose a horse to bet on by reading a QR code with the horse-id.
Then the mobile app sends that data along with a JWT or Session-Cookie to my api.
So the question: How can I make sure that someone is not sniffing / stealing that Session-Cookie or token? Couldn't I just sit in front of the horse track with my laptop and grab some tokens and do stuff via my API with that?!
Possible solutions (?): Encrypting the data from app to API with the user data (email or pw)? Might SSL / HTTPS be a solution (encryption)?
I actually wanted to use PassportJS and JWT together in combination to build an auth server that creates device/refresh tokens + an access token.
-> Disclaimer: Horse racing is nothing I support in any way. It's not cool what they do to the horses there.
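
The access-token plus device/refresh-token scheme mentioned in the post, written with Node's built-in `crypto` module rather than PassportJS (an added example, not part of the original post). The TTL, the claim names (`sub`, `dev`, `exp`), the in-memory store and all function names are assumptions chosen for illustration; it shows a short-lived signed access token and a refresh token that is rotated on every use and revoked when replayed.

```javascript
// Added example: short-lived HS256 access tokens plus rotating, device-bound refresh tokens.
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32);   // constructed key; load from a secret store in practice
const ACCESS_TTL = 300;                  // seconds (assumption): keeps a stolen token short-lived
const refreshStore = new Map();          // sha256(refresh token) -> { userId, deviceId, used }

const b64 = (v) => Buffer.from(v).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();
const sha256 = (t) => crypto.createHash('sha256').update(t).digest('hex');
const nowSec = () => Math.floor(Date.now() / 1000);

function issueAccessToken(userId, deviceId, now = nowSec()) {
  const head = b64(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64(JSON.stringify({ sub: userId, dev: deviceId, exp: now + ACCESS_TTL }));
  return `${head}.${body}.${b64(mac(`${head}.${body}`))}`;
}

function verifyAccessToken(token, now = nowSec()) {
  const [head, body, sig, extra] = String(token).split('.');
  if (!head || !body || !sig || extra !== undefined) return null;
  const expected = mac(`${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time compare; check length first because timingSafeEqual throws on a mismatch.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  // The algorithm is fixed in code; the header is only checked, never used to pick one.
  if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url'));
  return claims.exp > now ? claims : null;
}

function issueRefreshToken(userId, deviceId) {
  const token = crypto.randomBytes(32).toString('base64url');
  refreshStore.set(sha256(token), { userId, deviceId, used: false }); // store only the hash
  return token;
}

function rotate(refreshToken, deviceId) {
  const rec = refreshStore.get(sha256(refreshToken));
  if (!rec || rec.deviceId !== deviceId) return null;
  if (rec.used) {
    // A replayed refresh token means a copy exists somewhere: revoke the whole device session.
    for (const [k, v] of refreshStore) if (v.userId === rec.userId && v.deviceId === deviceId) refreshStore.delete(k);
    return null;
  }
  rec.used = true;
  return { access: issueAccessToken(rec.userId, deviceId), refresh: issueRefreshToken(rec.userId, deviceId) };
}
```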