MarcosF8

Reputation: 2008

Store token with React

I am new to React.js and I am trying to use OpenID Connect and OAuth2 for authentication and authorization. I have been reading about where to store the token. The federation will be done by Azure AD B2C, which will use Facebook and Azure AD as ID servers.

I kindly ask for any link or tutorial on how to store the token at the back end using Azure B2C.

So I would like to avoid storing the tokens in the browser.

Thanks

Upvotes: 0

Views: 474

Answers (2)

Gary Archer

Reputation: 29218

In SPAs it is also common to store tokens in HTML5 session storage - as a trade-off between security and usability - I have some notes on this here: https://authguidance.com/2019/09/08/ui-token-management

Server side solutions such as putting tokens in auth cookies can often work against the goals of SPAs.

Note that session storage is the default behaviour of the certified and respected oidc client library: https://www.google.com/amp/s/brockallen.com/2019/01/03/the-state-of-the-implicit-flow-in-oauth2/amp/

There is not always a one-size-fits-all solution though - it depends how sensitive your data is, whether other risks are covered, and what factors your stakeholders care most about.

Upvotes: 1

MarcosF8

Reputation: 2008

With Auth0 and ReactJS, storing the tokens in memory combined with Silent Authentication can be used. A similar approach can be used with Azure, as OpenID Connect supports "prompt=none" to avoid user interaction when there is already a session on the server.

Upvotes: 0
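
The in-memory storage plus `prompt=none` approach described in the answer above, as an added example that is not part of either answer or of any library mentioned here. The endpoint, client ID, redirect URI and all function names are placeholders; it assumes the caller generates a random `state` and a PKCE challenge per request, loads the URL in a hidden iframe, and exchanges the returned code for tokens.

```javascript
// Added example (not from the answers). All endpoint/client values are placeholders.
const tokenStore = (() => {
  let accessToken = null; // closure variable only: never localStorage, sessionStorage or a cookie
  let expiresAt = 0;
  return {
    set(token, expiresInSec, now = Date.now()) {
      accessToken = token;
      expiresAt = now + expiresInSec * 1000;
    },
    // Returns null once expired, which is the caller's cue to run a silent renewal.
    get(now = Date.now()) { return now < expiresAt ? accessToken : null; },
    clear() { accessToken = null; expiresAt = 0; },
  };
})();

// Authorization request for a hidden iframe: prompt=none forbids any login or consent UI.
// `state` must be a fresh random value per request; `codeChallenge` is the PKCE S256 challenge.
function buildSilentAuthUrl(cfg, state, codeChallenge) {
  const url = new URL(cfg.authorizeEndpoint);
  url.search = new URLSearchParams({
    client_id: cfg.clientId,
    response_type: 'code',
    redirect_uri: cfg.redirectUri,
    scope: cfg.scope,
    state,
    code_challenge: codeChallenge,
    code_challenge_method: 'S256',
    prompt: 'none',
  }).toString();
  return url.toString();
}

// OIDC Core error codes meaning "no silent answer possible": fall back to a visible login.
const NEEDS_INTERACTION = ['login_required', 'interaction_required',
  'consent_required', 'account_selection_required'];

function handleSilentCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  // Reject responses not bound to the request we sent (CSRF / response injection).
  if (!expectedState || params.get('state') !== expectedState) {
    return { ok: false, reason: 'state_mismatch', interactive: false };
  }
  const error = params.get('error');
  if (error) return { ok: false, reason: error, interactive: NEEDS_INTERACTION.includes(error) };
  const code = params.get('code');
  return code ? { ok: true, code } : { ok: false, reason: 'missing_code', interactive: false };
}
```

Because the token lives only in a closure variable, a page reload empties the store; the silent request is what restores it while the identity provider session is still valid.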
