2
1. The user will log in with a username and password.
2. If the login succeeds, then the server will return a JWT.
3. Now we will store the token.
4. Now for every request we will send the JWT token for authentication on the server.

My question is: where can we store the JWT token, because local storage, session and cookies are not safe?

Sharad kumar
  • In a data structure that is "globally" accessible – curious student May 07 '20 at 14:14
  • This question has been asked a few times: here is one I answered a little while back https://stackoverflow.com/questions/61259117/standard-for-storing-session-key/61261079#61261079 – Joey May 07 '20 at 15:15

2 Answers

1

"Only the server should know the "secret" that is used to generate the JWT. If someone modifies the data contained in the JWT, the server will fail to decode it. So the server can trust any JWT that it can decode."

You don't need to store the JWT token where someone can't find it. And if you think hackers might get someone's token, there is an expiration date option for this.

Check this: How safe is JWT?

0

httpOnly cookie

It's a special kind of cookie that's only sent in HTTP requests to the server, and it's never accessible (for either reading or writing) from JavaScript running in the browser.

Check this: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies

You can use this package to make your life easier if you want: https://www.npmjs.com/package/react-cookie

Johan Syah
  • Thanks Johan, could you provide me some implementation details of storing the JWT in an httpOnly cookie in a Node.js backend? – Sharad kumar May 07 '20 at 14:39
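
The httpOnly-cookie approach from the answer above, sketched for a Node.js backend as an added example that is not part of the original answers. It uses only Node's built-in `crypto`; the secret, the cookie name `session_jwt` and all function names are assumptions made for illustration.

```javascript
// Added example: HS256 JWT carried in an HttpOnly cookie, Node built-ins only.
const nodeCrypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: loaded from server config in practice
const COOKIE = 'session_jwt';             // hypothetical cookie name

const b64url = (text) => Buffer.from(text).toString('base64url');
const sign = (data) => nodeCrypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Build a signed token with an expiry (exp) claim, in seconds since the epoch.
function issueJwt(sub, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub, iat: now, exp: now + ttlSeconds }));
  return `${header}.${payload}.${sign(`${header}.${payload}`)}`;
}

// Value for the Set-Cookie response header after a successful login.
// HttpOnly hides the cookie from page scripts; Secure limits it to HTTPS;
// SameSite=Strict keeps it off cross-site requests.
function sessionCookie(token, ttlSeconds) {
  return `${COOKIE}=${token}; Max-Age=${ttlSeconds}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Pull the token out of an incoming request's Cookie header.
function tokenFromCookieHeader(cookieHeader = '') {
  for (const part of cookieHeader.split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === COOKIE) return rest.join('=');
  }
  return null;
}

// Returns the claims, or null if the token is malformed, tampered with or expired.
function verifyJwt(token, now = Math.floor(Date.now() / 1000)) {
  const parts = (token || '').split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > now ? claims : null;
  } catch { return null; }
}
```

In a request handler, the login route would send `sessionCookie(issueJwt(userId, 900), 900)` as the `Set-Cookie` header, and every protected route would call `verifyJwt(tokenFromCookieHeader(req.headers.cookie))`; the browser attaches the cookie automatically, so client code never handles the token.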