How to save Token to Local Storage | javascript save token
Don't save a token in local storage. It's not good style because you open yourself up to attackers. I found this link in my search: https://medium.com/@benjamin.botto/secure-access-token-storage-with-single-page-applications-part-1-9536b0021321 [1].
This is part of what's inside the page:
“It’s recommended not to store any sensitive information in local storage.” - OWASP Cheat Sheet
“Don’t store tokens in local storage.” - Auth0: Where to Store Tokens
“You are safe from CSRF, but you have opened yourself up to a much greater attack vector… XSS.” - Okta: JWTs Suck
“Don’t store [JWTs] in local storage (or session storage).” - LogRocket: JWT Authentication Best Practices
“It is best to avoid letting the JavaScript code ever see the access token.” - OAuth 2.0 for Browser-Based Apps: Best Current Practice
References https://medium.com/@benjamin.botto/secure-access-token-storage-with-single-page-applications-part-1-9536b0021321 (medium.com)
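
One way to act on the last quote above, keeping the token out of reach of page JavaScript, is for the server to hold it in an HttpOnly cookie. This is an added example (Node.js), not code from the answer or the linked article; the cookie name, the in-memory session store and the function names are assumptions for illustration.

```javascript
// Added example: keep the session token in an HttpOnly cookie, not localStorage.
const crypto = require('node:crypto');

const COOKIE_NAME = '__Host-session'; // assumed name; __Host- requires Secure + Path=/
const sessions = new Map();           // assumed in-memory store: id -> { user, expires }

// HttpOnly hides the cookie from document.cookie, so injected script (XSS)
// cannot read it the way it can read localStorage. Cookies are sent
// automatically, so SameSite=Strict is set to limit cross-site requests (CSRF).
function buildSessionCookie(id, maxAgeSeconds) {
  if (!/^[A-Za-z0-9._~-]+$/.test(id)) throw new Error('unexpected characters in token');
  return [`${COOKIE_NAME}=${id}`, 'HttpOnly', 'Secure', 'SameSite=Strict',
    'Path=/', `Max-Age=${maxAgeSeconds}`].join('; ');
}

// Pull our cookie out of a request's Cookie header; null when it is absent.
function readSessionToken(cookieHeader) {
  for (const part of (cookieHeader || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === COOKIE_NAME) {
      return part.slice(eq + 1).trim();
    }
  }
  return null;
}

// After a successful login: the token travels only in Set-Cookie.
// The JSON body handed to the page's JavaScript never contains it.
function issueSession(user, maxAgeSeconds = 900, now = Date.now()) {
  const id = crypto.randomBytes(32).toString('hex');
  sessions.set(id, { user, expires: now + maxAgeSeconds * 1000 });
  return { setCookie: buildSessionCookie(id, maxAgeSeconds), body: { user } };
}

// On each API request: resolve the cookie to a user, rejecting expired sessions.
function authenticate(cookieHeader, now = Date.now()) {
  const id = readSessionToken(cookieHeader);
  const session = id ? sessions.get(id) : undefined;
  if (!session) return null;
  if (session.expires <= now) {
    sessions.delete(id);
    return null;
  }
  return session.user;
}
```

The browser attaches the cookie to same-site requests on its own, so the front-end code calls the API without ever handling the token.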