I have an SSO integration which returns a JWT token and I don't want to store this token in local storage for security purposes. I don't want to get it every time from the server. What are the possible options?
Does this answer your question? [any idea to setup Cookie parameter 'HttpOnly' using angular](https://stackoverflow.com/questions/59611002/any-idea-to-setup-cookie-parameter-httponly-using-angular) – RomanHDev Jan 31 '22 at 15:02
2 Answers
0
This is done from the server side in communication with the browser directly; Angular is not really involved. If the cookie is also httpOnly, only the server side will be able to read/set the cookie.
So to directly answer your question, it sounds like a good idea but it would have to be done on the server side, not the client side.

Robin Edquist
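
To illustrate the server-side approach in the answer above, here is an added example (not part of the original answers): a Node.js request handler that places the token in an HttpOnly cookie and reads it back on later requests. The cookie name, the `/sso/callback` route and the sample token are assumptions.

```javascript
// Added example: cookie name, route and sample token are assumptions.
// The __Host- prefix makes the browser require Secure, Path=/ and no Domain.
const COOKIE_NAME = "__Host-sso_token";

// Build the Set-Cookie value the server sends once the SSO exchange succeeds.
function buildTokenCookie(jwt, maxAgeSeconds) {
  // A compact JWT is three base64url segments; anything else could smuggle
  // extra cookie attributes (";", "=", spaces) into the header.
  if (!/^[\w-]+\.[\w-]+\.[\w-]+$/.test(jwt)) {
    throw new Error("not a compact JWT");
  }
  return [
    `${COOKIE_NAME}=${jwt}`,
    "Path=/",
    `Max-Age=${Math.floor(maxAgeSeconds)}`,
    "HttpOnly",        // not exposed through document.cookie
    "Secure",          // only sent over HTTPS
    "SameSite=Strict", // not attached to cross-site requests
  ].join("; ");
}

// Recover the token from the Cookie request header on later API calls.
function readTokenCookie(cookieHeader) {
  for (const part of (cookieHeader || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === COOKIE_NAME) {
      return part.slice(eq + 1).trim();
    }
  }
  return null;
}

// Handler usable as http.createServer(handle) behind HTTPS.
function handle(req, res) {
  if (req.url === "/sso/callback") {
    // Constructed placeholder; a real server receives the token from the SSO provider.
    const jwt = "aGVhZGVy.cGF5bG9hZA.c2ln";
    res.setHeader("Set-Cookie", buildTokenCookie(jwt, 900));
    res.statusCode = 204;
    return res.end();
  }
  // The server must still verify the token's signature and expiry here.
  const token = readTokenCookie(req.headers.cookie);
  res.statusCode = token ? 200 : 401;
  res.end(token ? "authenticated" : "no session");
}
```

The Angular code never handles the token: the browser attaches the cookie to same-site requests by itself.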
0
You should avoid storing tokens at all in the browser, as it is a public client and hence not secure at all.
You should instead consider using the BFF pattern, see these videos for more details:

Tore Nestenius