I was wondering what approach would be best to handle authentication in an SPA (JWT, OAuth 2 implicit flow, ...). If JWT, where would you recommend storing the access_token?
Thanks in advance
Top comments (7)
Hi @amineamami, unfortunately there's no easy answer to this. It depends on your requirements and in part on the technologies you're using and/or have available.
In general, a lot of people using JWT store the token in local storage, even though it can be a security issue because local storage is accessible from all JS (which means, in theory, also malicious code).
There was a really interesting article and ensuing discussion on this topic:
"Please Stop Using Local Storage" by Randall Degges
If you can tell me more details about what you're using on the client and on the server, maybe we can find a proper tutorial on how to use JWT or more secure alternatives.
Thanks for the reply.
Mainly Angular 6 and Spring Boot Security
Googling "angular spring boot security" I found the following tutorials that might help:
:-)
I ended up dropping the OAuth 2 implicit flow and JWT solutions for a cookie session token stored in Redis
Make sure the cookie is secure
HTTP only and secured = true
perfect! :D