Reputation: 375
Do we need to store access token both on client and server side?
My question is - Do we need to store access token both on client and server side?
Identity Server 4 store access tokens for us, as far as I know, so we don't have to worry about that, but do we have to manage storing access token in the client side (e.g. cookie in browser)?
Upvotes: 1
Views: 1846
Answers (1)
Reputation: 53958
Typically yes, you'll need to store the access token on the client side. Assuming you want to call APIs repeatedly with that access token, you'll need to store in memory. If your Client lives in a browser (i.e. Javascript) you'll need to store it in a cookie or local storage. If you have a non-browser Client and you want to survive restarts, you'll need to store it on persistent storage, i.e. disk.
The only exception to all of this are Clients that only need to call an API once, which is a rare case.
Upvotes: 4
Related Questions
- Is is safe to store access token in session storage of client browser?
- OAuth 2.0 token based Authentication Question on storing token values
- Where to store Bearer Token in MVC from Web API
- Where should one store the authentication token in ASP.Net Core
- Understanding storage of OAuth token
- Where to store Refresh Token and Client Secret safely?
- Where to store access tokens?
- Where should I store the access token from OAuth2 in a MVC application?
- Is it okay to store access tokens on clients computer when using AuthenticationContext from ADAL
- Responsibility to store tokens in OAuth 2.0