100DaysOfCode is a series of articles to record the process of learning programming. It just like a diary. I prefer to write small paragraph or paste a link to details so that I can write everyday.
Feel free to check the link if you want to know more details, thank you!
I develop an SPA application on Django/DWF recently. I used JSON Web Token (JWT) to authorize users for login and other operations. It’s Okay for me to create endpoints with JWT secure, exchange JWT with social medias’ access token.
However, the security issue is a critical issue for JWT. Where should we store the JWT? I tried some ways and wrote this note.
Please refer to my article for details.
It includes the following topics.
- The safest place: Browser’s Memory
- Should we store JWT in the LocalStorage?
- Double tokens policy: HttpOnly Cookie + CSRF token
There are some of my articles. Feel free to check if you like!