Access token storages (JWT token)


Viewed 168 times

3

I am facing the need to store the access token of a user who logged in through an OAuth2 method; this JWT token will be used by my frontend application, written in React, to make calls to an API "on behalf of the user".

However, since this is in my view sensitive, how should it be stored on the client?

I know some options like localStorage or cookies, but I would like to understand what the pros and cons of each solution are for storing this type of data.

1 answer

0


For ease, I prefer localStorage; however, cookies are the better option for security reasons, e.g. it is possible to configure them so that they are only sent with the Ajax requests, without the possibility of being changed by JavaScript.

http://www.douglaspasqua.com/2012/01/14/seguranca-cookies-httponly/

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies

So, in your case, you can send a "setcookie" from your backend when logging in; then all other requests will send the cookie with the token to be validated.

Another thing you can do to increase security is, when generating the token, to generate a fingerprint of the user, something unique and generated automatically; with this you do a double check on the origin of the request.

Good luck.
