Reputation: 151
Storing OAuth 2 Access Token for javascript only client
One of the use cases of doing Implicit Grants for OAuth 2 is for web apps that use javascript. My question is how do you store the access token?
For web apps with server side scripting I normally store the access token in a database or in a cookie that's not JS accessible. For a mobile app which also uses implicit grant, you can store the token in the device. But for a JS web app, the only way I could think of is to store it in memory in a private variable. The difference with having server side scripting is with this is that once the page is closed, you're technically logged out. But how is this normally done?
Upvotes: 0
Views: 1516
Answers (1)
Reputation: 2424
You can store in the HTML5 Web Storage
$window.sessionStorage.token = 'serverToken';
The data persisted there lives until the browser tab is closed.
You also can store in a cookie, you can read more about that here: https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage/
Upvotes: 1
Related Questions
- Storing O-Auth Tokens
- How to store OAuth2 access tokens in a React application?
- Storing client secret on client side
- Storing access token obtained through client credentials oauth2 flow
- How to send oauth2 tokens to client and store them?
- Saving OAuth2 access tokens for sessionless authentication
- OAuth2 Refresh Token. How to store it on client-side
- Storing OAuth2 client_id and client_secret securely in a client side app
- Secure way to communicate OAuth token to javascript client
- Proper method for accessing OAuth2 tokens via javascript