I'm doing a small project to teach myself some new technologies, and I've started implementing the app auth stuff. I wonder if you can share the best practices for that.
To narrow it down, what I'm doing is a simple web app with Node.js + GraphQL with Apollo Client + Mongo as the database + React as the client. Also, I'm thinking about JWT tokens and email + password for Sign_up and Sign_in.
What I'm looking for is how better to store the tokens: in the browser or in the database? When to check them? What is the process for generating tokens, and what are the expiration practices? etc.
Would love to hear anything you have!