Sharad kumar

Reputation: 207

Where can we store the JWT token securely?

1. The user logs in with a username and password.
2. If the login succeeds, the server returns a JWT.
3. Now we store the token.
4. Now for every request we send the JWT token for authentication on the server.

My question is: where can we store the JWT token, because Local storage, Session, and Cookies are not safe?

Upvotes: 2

Views: 530

Answers (2)

Yagiz Turkmen

Reputation: 73

"Only the server should know the "secret" that is used to generate the JWT. If someone modifies the data contained in the JWT, the server will fail to decode it. So the server can trust any JWT that it can decode."

You don't need to store the JWT token where someone can't find it. And if you are thinking about hackers getting someone's token, there is an expiration date option for this.

Check this: How safe is JWT?

Upvotes: 1

Johan Syah

Reputation: 21

httpOnly cookie

It's a special kind of cookie that's only sent in HTTP requests to the server, and it's never accessible (for both reading and writing) from JavaScript running in the browser.

Check this: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies

You can use this package to make your life easier if you want: https://www.npmjs.com/package/react-cookie

Upvotes: 0
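
The httpOnly cookie approach from the answer above, as an added example that is not part of the original post: the server side of issuing the JWT in a cookie, reading it back from a request, and checking a `Set-Cookie` value for missing protections. The function names, the cookie name `access_token` and the sample token are assumptions; `Secure` and `SameSite` go beyond the answer and are standard cookie attributes covered on the MDN page it links.

```javascript
// Added example; COOKIE_NAME and all function names are hypothetical.
const COOKIE_NAME = "access_token";

// Server side: build the Set-Cookie header value that carries the JWT.
function buildTokenCookie(jwt, maxAgeSeconds) {
  return [
    `${COOKIE_NAME}=${encodeURIComponent(jwt)}`,
    "HttpOnly",        // not readable or writable from page JavaScript
    "Secure",          // only sent over HTTPS
    "SameSite=Strict", // not attached to cross-site requests
    "Path=/",
    `Max-Age=${maxAgeSeconds}`, // cookie lifetime, keep it close to the JWT expiry
  ].join("; ");
}

// Server side: pull the JWT out of an incoming Cookie request header.
function readTokenFromCookieHeader(cookieHeader) {
  for (const pair of (cookieHeader || "").split(";")) {
    const eq = pair.indexOf("=");
    if (eq === -1 || pair.slice(0, eq).trim() !== COOKIE_NAME) continue;
    try {
      return decodeURIComponent(pair.slice(eq + 1).trim());
    } catch (e) {
      return null; // malformed percent-encoding: treat as no token
    }
  }
  return null;
}

// Review helper: list the protective attributes a Set-Cookie value lacks.
function missingCookieProtections(setCookieValue) {
  const attrs = setCookieValue.split(";").slice(1).map((a) => a.trim().toLowerCase());
  const missing = [];
  if (!attrs.includes("httponly")) missing.push("HttpOnly");
  if (!attrs.includes("secure")) missing.push("Secure");
  if (!attrs.some((a) => a.startsWith("samesite="))) missing.push("SameSite");
  return missing;
}

// Constructed sample token for illustration (the signature part is not valid).
const sampleJwt = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2FtcGxlLXNpZw";
const hardened = buildTokenCookie(sampleJwt, 900);
const weak = `${COOKIE_NAME}=${sampleJwt}; Path=/`; // readable via document.cookie
console.log(hardened, missingCookieProtections(hardened));
console.log(weak, missingCookieProtections(weak));
```

The server still has to verify the JWT signature and expiry on every request; the cookie attributes only control where the browser exposes and sends the token.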
