amineamami

How should one handle Authentication in Single page application

I was wondering what approach would be best to handle authentication in an SPA (JWT, OAuth 2 implicit flow, ...). If JWT, where would you recommend storing the access_token?

Thanks in advance

Top comments (7)

rhymes

Hi @amineamami, unfortunately there's no easy answer to this. Depends on your requirements and in part on the technologies you're using and/or have available.

In general a lot of people using JWT store the token in the local storage even though it can be a security issue because the local storage is accessible from all JS (which means in theory also malicious code).

There was a really interesting article and ensuing discussion on this topic:

If you can tell me more details about what you're using on the client and on the server maybe we can find a proper tutorial on how to use jwt or more secure alternatives.

amineamami

Thanks for the reply.
Mainly Angular 6 and Spring Boot security

rhymes

Googling "angular spring boot security" I found the following tutorials that might help:

:-)

amineamami

I ended up dropping the OAuth 2 implicit flow and JWT solutions for a cookie session token stored in Redis

rhymes

Make sure the cookie is secure ✌🏾

amineamami

HttpOnly and secured = true

rhymes

perfect! :D
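
The setup the thread ends on (an opaque session token in a cookie marked HttpOnly and Secure, with the session state kept server-side), sketched as an added example that is not from any participant's post. A `Map` stands in for Redis, and the cookie name `sid` and the 30-minute lifetime are assumptions.

```javascript
// Added example (not from the thread): server-side session behind a cookie.
const crypto = require('node:crypto');

// Assumption: a Map stands in for Redis; values carry an expiry like a Redis TTL.
const sessions = new Map();
const COOKIE_NAME = 'sid';      // hypothetical cookie name
const TTL_MS = 30 * 60 * 1000;  // hypothetical 30-minute lifetime

// Create a session and return the Set-Cookie header value for it.
function createSession(userId, now = Date.now()) {
  // Opaque, unguessable identifier: it carries no claims, unlike a JWT.
  const sid = crypto.randomBytes(32).toString('base64url');
  sessions.set(sid, { userId, expires: now + TTL_MS });
  // HttpOnly: page JavaScript cannot read the cookie.
  // Secure: the browser only sends it over HTTPS.
  const header =
    `${COOKIE_NAME}=${sid}; Path=/; Max-Age=${TTL_MS / 1000}; HttpOnly; Secure`;
  return { sid, header };
}

// Extract one cookie value from a request's Cookie header.
function readCookie(cookieHeader, name) {
  for (const part of (cookieHeader || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return null;
}

// Resolve the request's cookie to a user id, or null if unknown or expired.
function authenticate(cookieHeader, now = Date.now()) {
  const sid = readCookie(cookieHeader, COOKIE_NAME);
  const session = sid ? sessions.get(sid) : undefined;
  if (!session) return null;
  if (session.expires <= now) {
    sessions.delete(sid); // expired: drop the server-side state
    return null;
  }
  return session.userId;
}

// Logout removes the server-side state, so the cookie value becomes useless.
function destroySession(cookieHeader) {
  const sid = readCookie(cookieHeader, COOKIE_NAME);
  return sid ? sessions.delete(sid) : false;
}
```

Because the browser attaches the cookie itself, the Angular code never handles the token, which is the difference from keeping a JWT in local storage.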