Where should I store the bearer token for JWT?

Question

I'm developing a JWT application and curious what would be the most effective storage mechanism for the token passed as a Bearer token in the header.

What would be the best way to achieve this on jQuery? Is there a method that is more secure than others?

Started an answer on this, but when I did complete it, noticed the duplicate so ended up adding a [new answer](http://stackoverflow.com/a/40376819/204699) for the original question. — João Angelo, Nov 02 '16 at 09:52

score 0 · Answer 1 · answered Oct 29 '16 at 09:05

Usually JWT tokens are generated on the server-side (by central authentication service, like IdentityServer) and used for accessing microservices API of the same application. In most cases JWT tokens have expiration time (minutes or hours) and when expired client should request new one from the auth service. If this is your case, you don't need to store JWT token for a long time - it's just a 'context' of your front-end part. When web page is fully reloaded, new JWT token should be requested, and this is normal behavior.

You can specify JWT auth header for all jQuery ajax calls in the following way:

var jwt = "your_jwt_token_value";
$.ajaxSetup({
    headers: {
        'Authorization': "Bearer " + jwt
    }
});

Where should I store the bearer token for JWT?

1 Answers1