where to store information after the authentication using JWT

Question

I'm new to the authentication stuffs. I have an application which after login, send the credentials against server and server generate the JWT token and send it back to the client(mobile device).

This is my question : After having the JWT available, Where should I store my information on the upcoming requests? for example If I want to send a POST request I have two approaches :

1. store needed information on the request's body
2. after encoding the information using JSON format in Base64 then store it on payload of the JWT

maybe I'm wrong and these are not the solutions. I just wanted to know what is the best (standard) approaches for this job ?

Answer 1

The JWT token should be sent as a bearer token with each request the client makes to the server.

it is typically added in the Authorization header using the Bearer schema.

Authorization: Bearer <token>

For a more detailed explanation of JWT tokens please see https://jwt.io/introduction/

Answer 2

Jwt tokens are to be sent back and forth for each request and as mentioned in comments you cannot modify them.

The token can be sent as a bearer token in the authorization header.

Authorization : Bearer <token>

For the request parameters for your API requests you are doing you can send them as part of request body for a post.

And on an additional note your requests would still be vulnerable to CSRF. You can use csrf any libraries to generate a csrf token. This would provide better security aspects to your application.