Reputation: 51
Store JWT/authorization on the Client/Server side of application [JavaScript]
Right now I am using a JWT token to validate the user and on the client side I store it in cookies. On the server side, I just generate this token and send it to the client side.
As I have seen, there are several approaches where server side tokens / authorization are stored in redis. I don't understand why I would use this. Can you provide me with some use cases for this? And maybe I should store the client side token somewhere else?
Upvotes: 1
Views: 522
Answers (1)
Reputation: 4352
Storing JWT on the server with Redis gives you more control over how authentication/authorization works on your app.
Consider the logout process, ideally, it should invalidate a token, but JWT doesn't really give you an easy way to revoke a token.
The best bet is to have it stored somewhere (Redis) and when a logout request is received, the saved token is deleted.
Redis is relatively fast, because of its cache feature, which basically allows you to save/retrieve the token in memory, and it also provides some cool features, one of which is to expire/self-delete a saved token after a set time.
Upvotes: 1
Related Questions
- Should I store JWT tokens in redis?
- JWT store at server database
- How can data be stored securely from backend code in node-red?
- How to store and handle JWT tokens on front-end using fetch, and how to store it?
- What is the standard practice to store JWT tokens in Redis?
- Storing JWT server side express.js
- Storing and Using JWT & Secret Key
- Where to store the JWT Client Credentials Grant
- Where should I store jwt token for authentication on server side
- How should I implement a token based authorization API in Node.js and Redis?