Discussion on: How to securely store JWT tokens.

George Koniaris Author • Edited

Also, a small comment: I personally think that the endpoints that are related to payments and generally sensitive account actions should require an extra login with a different authentication method, valid for one API call only (especially for payment API calls), and should be served in a page where only vanilla JavaScript written by the web application developers is used.
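
One way the "valid for one API call only" idea in the comment above could be enforced on the server, as an added example that is not part of the original comment or of any particular library. The `StepUpGrants` class, the action strings and the 60-second lifetime are assumptions; verification of the second authentication method is assumed to happen before `issue` is called.

```javascript
// Added example: single-use "step-up" grants for sensitive API calls (Node.js).
const { randomBytes, createHash } = require('node:crypto');

const sha256 = (s) => createHash('sha256').update(s).digest('hex');

class StepUpGrants {
  constructor(ttlMs = 60_000) {
    this.ttlMs = ttlMs;
    // Only a hash of the token is stored, so a leak of this map
    // does not hand out usable grants.
    this.grants = new Map(); // sha256(token) -> { userId, action, expiresAt }
  }

  // Call only after the extra login (second method) has succeeded.
  // `action` pins the grant to one endpoint, e.g. 'POST /payments'.
  issue(userId, action, now = Date.now()) {
    const token = randomBytes(32).toString('base64url');
    this.grants.set(sha256(token), { userId, action, expiresAt: now + this.ttlMs });
    return token;
  }

  // Returns 'ok' at most once per token; every other outcome is a rejection.
  redeem(token, userId, action, now = Date.now()) {
    const key = sha256(String(token));
    const grant = this.grants.get(key);
    if (!grant) return 'unknown_or_used';
    // Burn the grant on first presentation, even if a later check fails,
    // so a stolen token cannot be retried against other endpoints.
    this.grants.delete(key);
    if (now > grant.expiresAt) return 'expired';
    if (grant.userId !== userId || grant.action !== action) return 'wrong_binding';
    return 'ok';
  }
}
```

The payment handler would call `redeem` in addition to checking the normal session, so a stolen session token alone cannot trigger the call.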