Kapin

Reputation: 43

How to store JWT and refresh tokens in an app or a browser?

I built a REST API which handles requests by using JWT and refresh tokens. But I am not sure how to store them on the client side.

Should I store both in cookies with the httpOnly flag?

Should I store both in cookies, or one in local storage, for example shared preferences (Android app)?

I am very interested in what the best practice is for handling these tokens on the client side.

Upvotes: 4

Views: 2109

Answers (1)

Gary Archer

Reputation: 29243

Standard recommendations:

  • In a mobile UI store tokens in OS secure storage
  • In a Web UI store the access token in memory
  • In a Web UI refresh tokens in cookies work best

It requires a lot of discipline to do properly. My blog has posts and code samples you can run to understand this stuff. Maybe start here:

Upvotes: 2
