Where to store a JWT token properly and safely in a web based application?

Frontend | unresolved | 2 answers | 830 views
耶瑟儿~ 2020-12-15 07:46

I'm familiar with Web Storage APIs and cookies but I can't figure out what is the most secure way to store an authentication token. I'm wondering if this might break any thir

2 answers
  •  时光取名叫无心
    2020-12-15 08:12

    1. JWTs should never be stored in your localStorage
    2. In fact, they shouldn't even be stored in your cookies, unless you are able to implement very strict CSRF protection

    Check out this for motivation

    • JWT as an id_token is like your user credentials
    • JWT as an access_token is like your session token

    The most secure option is in-memory. Check out this for a deep dive
