
My question does not contain any code but I still feel it is relevant to developers.

I am trying to create a web application using web api in ASP.NET Core.

I have already found a great tutorial showing how to set up JWT (https://jasonwatmore.com/post/2019/10/11/aspnet-core-3-jwt-authentication-tutorial-with-example-api). Using this, my application works fine via Postman.

The part that confuses me is where (or how) do I store the JWT. Is there a recommended way?

For example, after I authenticate, the response contains the JWT. This means my front end (javascript/html) has access to this token and it's this token I'll include in the auth headers on subsequent requests. I'm not sure how to store the JWT. I could

  • store the JWT as local storage
  • store the JWT as a javascript variable on the page
  • some other way I don't know of

Is one preferred over the other?

MyDaftQuestions
  • 1
    @jonrsharpe - I searched and searched and searched! Yes, it's a dupe :( Sorry everyone. Delete or mark as a dupe (is there a preference) – MyDaftQuestions Aug 01 '20 at 13:30
  • 1
    Recommended way is to store in cookies. Local/session storage isn't safe. Cookies are secure with `httpOnly: true` option – Tony Aug 01 '20 at 13:30
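
The cookie approach from the comment above, sketched for ASP.NET Core as an added example (not code from the question, the comments or the linked tutorial). It assumes a .NET 6+ web project with implicit usings and the Microsoft.AspNetCore.Authentication.JwtBearer package; the cookie name, routes, demo credentials and signing key are constructed for illustration.

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

const string CookieName = "access_token"; // hypothetical cookie name
// Constructed demo key; a real key comes from configuration or a secret store.
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("constructed-demo-signing-key-0123456789"));

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o =>
    {
        o.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true, IssuerSigningKey = key,
            ValidateIssuer = false, ValidateAudience = false
        };
        // Take the JWT from the cookie; page script never handles the token.
        o.Events = new JwtBearerEvents
        {
            OnMessageReceived = ctx =>
            {
                ctx.Token = ctx.Request.Cookies[CookieName];
                return Task.CompletedTask;
            }
        };
    });
builder.Services.AddAuthorization();
var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

app.MapPost("/login", (LoginRequest req, HttpContext http) =>
{
    // Constructed credential check, standing in for a real user store.
    if (req.Username != "demo" || req.Password != "demo-password") return Results.Unauthorized();
    var jwt = new JwtSecurityToken(claims: new[] { new Claim(ClaimTypes.Name, req.Username) },
        expires: DateTime.UtcNow.AddMinutes(15),
        signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
    http.Response.Cookies.Append(CookieName, new JwtSecurityTokenHandler().WriteToken(jwt), new CookieOptions
    {
        HttpOnly = true,                 // not readable through document.cookie
        Secure = true,                   // only sent over HTTPS
        SameSite = SameSiteMode.Strict,  // browsers attach cookies automatically, so limit cross-site sends
        MaxAge = TimeSpan.FromMinutes(15)
    });
    return Results.Ok(); // the token is not returned in the response body
});
app.MapGet("/me", () => "token accepted from cookie").RequireAuthorization();
app.Run();

record LoginRequest(string Username, string Password);
```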
