Leto
Reputation: 136
Storing access token and refresh token NextJS
I'm trying to integrate one App built with Next.js and Salesforce Marketing Cloud. This integration use an OAuth. After the user had logged in, he is redirected back to the Next.js App with the authorization code, then a request is sent (with the code) requiring an access and refresh token.
What is the best or correct (or secure) way to store the access and refresh token?
Can it be stored in the client? Or Should be stored in the ServerSide (in Next.js), creating a session with an HttpOnly cookie?
Upvotes: 0
Views: 1041
Answers (1)
Jerome Anthony
Reputation: 8021
HttpOnly cookie storage with CSRF tokens is the best way to store jwt tokens.
Upvotes: 2
Related Questions
- Next-auth - How to update the session client side?
- How to implement refresh token in Next.js using NextAuth?
- Is it safe to store access token in next-auth session?
- Where to store JWT token from an API in next-auth
- Request/obtain Access Token for accessing API (Auth0)
- how to store and get access_token in NextJS SSR
- How to persist authentication in Next.js using firebase after token expiration and or refreshing the page
- How to use JWT to store data in NextAuth
- Nextjs - Auth token stored in memory + refresh token in HTTP Only cookie
- OAuth2 Refresh Token. How to store it on client-side