AJ.beProgramming

Reputation: 87

Where are JWT tokens stored in this example?

I am a beginner and recently started learning about authorization and authentication.

So I came across JWT and started looking for tutorials on how to implement it in Node.js. Apparently there is a JWT middleware for Node.js called "jsonwebtoken".

I have watched some videos about it and learned that you can access the created token by accessing the header: (req.headers) Video I got the information from

code

Now I'm dealing with the problem of where that "header" is coming from and where it is stored. Is it an HTML header or a specific cookie? I know there are 3 storages (local, session and cookie storage), but in which of these 3 is it stored?

I am really confused.

Upvotes: 2

Views: 1481

Answers (2)

millenion

Reputation: 1907

You're the one who chooses where to store it: after a successful authentication, the JWT is meant to be sent to the client and stored on the client side, so as you said, you should choose between 3 solutions:

1- LocalStorage

2- Cookie: Vulnerable to csrf attacks.

3- SessionStorage: This option is excluded, because as soon as your user closes their window, data stored here will be lost, unless you want that behaviour.

Once your token has been stored, you can again choose how to send it:

1- Send it in a header (Authorization, for example),

2- Send it directly in request body (in a JSON for example).

Your backend is then supposed to know how to extract it, from header / body; your choice again.

Keep in mind that you need to send it on every request you make to a protected area; that way you're making a stateless authentication every time your backend receives a request to a protected area.

Upvotes: 3

lanxion

Reputation: 1430

In simple terms, after generating the token, you send it as a response either through a cookie (preferably an http-only cookie if you want to avoid XSS attacks), or just send it in the response body, after which it is stored in the localStorage (or cookie if you opted to use that), and sent in the consequent HTTP requests with the Authorization header, whose value is bearer <token>, where <token> is the jwt stored in the localStorage.

Upvotes: 1
