javascript - Access token storage (JWT token)

Question:

I'm facing the need to store the access token of a user who logged in through a method with OAuth2, this JWT token will be used for my frontend application, written in React, to make calls to an API "on behalf of the user".

However, how should this data, which in my view is sensitive, be stored on the client?

I know of some options like localStorage or cookies, but I would like to understand the pros and cons of each solution for storing this type of data.

Answer:

For ease of use, I prefer localStorage; however, cookies are the better option for security reasons. For example, it is possible to configure a cookie so that it is only sent in Ajax requests, without the possibility of changing it with JavaScript:

http://www.douglaspasqua.com/2012/01/14/seguranca-cookies-httponly/

https://developer.mozilla.org/pt-BR/docs/Web/HTTP/Cookies

Then, for your case, you can send a "Set-Cookie" from your backend when logging in, and all subsequent requests will send the cookie with the token to be validated.

Another thing you can do to increase security is, when generating the token, to generate a user fingerprint, something unique and automatically generated; with that you double-check the origin of the request.

Good luck.
