Where to Store JWTs
Update 5/12/2016: Building a Java application? JJWT[1] is a Java library providing end-to-end JWT creation and verification, developed by our very own Les Hazlewood. Forever free and open-source (Apache License, Version 2.0), JJWT is simple to use and understand. It was designed with a builder-focused fluent interface hiding most of its complexity. We’d love to have you try it out[2], and let us know what you think! (And, if you’re a Node developer, check out NJWT[3]!)
Stormpath has recently worked on token authentication features using JSON Web Tokens (JWT)[4], and we have had many conversations about the security of these tokens and where to store them.
If you are curious about your options, this post is for you. We will cover the basics of JSON Web Tokens (JWT) vs. OAuth, token storage in cookies vs. HTML5 web storage (localStorage or sessionStorage), and basic security information about cross-site scripting (XSS) and cross-site request forgery (CSRF).
...