I think the best solution is to store the token in the localStorage of the browser if you want to keep the user logged in; otherwise use session storage.
Then send the token with every API request and check the validity of the token in every endpoint that needs authentication or authorisation (create a middleware for that and add it to the routes).
You can check that repository I created a while ago:
Dynamic website
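The per-route token check described in the comment above, as an added example (not code from the commenter or the linked repository). The token format, `SECRET`, and all function names are assumptions made for illustration; the check validates whatever arrives in the `Authorization` header and is independent of where the browser keeps the token.

```javascript
const { createHmac, timingSafeEqual } = require("crypto");

const SECRET = "constructed-demo-secret"; // assumption: comes from server-side config
const b64url = (data) => Buffer.from(data).toString("base64url");
const sign = (payload) => createHmac("sha256", SECRET).update(payload).digest();

// Hypothetical token format: base64url(JSON claims) + "." + base64url(HMAC-SHA256).
function issueToken(userId, ttlSeconds, now = Date.now()) {
  const payload = b64url(JSON.stringify({ sub: userId, exp: Math.floor(now / 1000) + ttlSeconds }));
  return `${payload}.${b64url(sign(payload))}`;
}

// Returns the claims when signature and expiry both check out, otherwise null.
function verifyToken(token, now = Date.now()) {
  if (typeof token !== "string") return null;
  const parts = token.split(".");
  if (parts.length !== 2) return null;
  const given = Buffer.from(parts[1], "base64url");
  const expected = sign(parts[0]);
  // Constant-time comparison; the length check comes first because timingSafeEqual throws on mismatch.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  let claims;
  try { claims = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8")); } catch { return null; }
  if (!claims || typeof claims.exp !== "number" || claims.exp * 1000 <= now) return null;
  return claims;
}

// Middleware in the (req, res, next) shape: the route handler runs only after the token verifies.
function requireAuth(req, res, next) {
  const match = /^Bearer (.+)$/.exec(req.headers.authorization || "");
  const claims = match ? verifyToken(match[1]) : null;
  if (!claims) {
    res.statusCode = 401;
    return res.end("unauthorized");
  }
  req.user = claims; // downstream authorisation checks read the verified claims from here
  next();
}

// Constructed stand-in for an HTTP stack so the example runs without a framework.
function simulate(headers) {
  const req = { headers };
  const res = { statusCode: 200, end() {} };
  let reachedHandler = false;
  requireAuth(req, res, () => { reachedHandler = true; });
  return { status: res.statusCode, reachedHandler, user: req.user };
}
```
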
Please do not store session tokens in local storage
auth0.com/docs/security/store-toke...
stackoverflow.com/questions/441335...
medium.com/redteam/stealing-jwts-i...