In my last post, we looked at how OAuth 2.0 works and examined how to generate access tokens and refresh tokens. Now we’re diving into how to store tokens in your front-end.
Access tokens are usually short-lived JWTs signed by your server; the client includes one in every HTTP request to your server, which verifies the signature and expiry before authorizing the request. Refresh tokens are usually long-lived opaque strings that the server stores in its database and that the client exchanges for a new access token when the current one expires.
There are two common ways to store your tokens in the browser: in localStorage or in cookies. There is a lot of debate over which one is better, with most people leaning toward cookies as the more secure option. Let's go over the comparison between localStorage and cookies. This article is mainly based on this article and the comments on this post.
Pros: It's convenient. The access token is read out of localStorage with plain JavaScript and sent on each request in the Authorization header: `Authorization: Bearer ${access_token}`