Hey Ronald,
I wouldn't go about storing tokens in Local Storage. Instead you will want to look into storing the token as an encrypted cookie, both encrypted and decrypted by your PHP application.
So once a user authenticates, send a Set-Cookie header back with the successful authentication. This cookie will be an encrypted JSON object that will include an accessToken. So any request made back to the PHP application will send that cookie. If that cookie is present, have the PHP application attempt to decrypt it. If successful, then use that token to validate the user.
DO NOT USE LOCAL STORAGE, as that tends to stay around forever.
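The flow described in the post above, as an added PHP sketch that is not part of the original reply. It assumes the libsodium extension (bundled since PHP 7.2); the cookie name `auth`, the one-hour lifetime, the `exp` field and the sample token are hypothetical choices made for the example.

```php
<?php
declare(strict_types=1);

const COOKIE_NAME = 'auth'; // hypothetical cookie name
const COOKIE_TTL  = 3600;   // assumed lifetime in seconds

// Encrypt {"accessToken": ..., "exp": ...} with authenticated encryption.
function sealToken(string $accessToken, string $key, int $now): string
{
    $json  = json_encode(['accessToken' => $accessToken, 'exp' => $now + COOKIE_TTL], JSON_THROW_ON_ERROR);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($json, $nonce, $key));
}

// Return the access token, or null if the cookie is malformed, tampered with or expired.
function openToken(string $cookie, string $key, int $now): ?string
{
    $raw = base64_decode($cookie, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $json  = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($json === false) {
        return null; // MAC check failed: wrong key or modified ciphertext
    }
    $data = json_decode($json, true);
    if (!is_array($data) || !is_string($data['accessToken'] ?? null) || ($data['exp'] ?? 0) < $now) {
        return null;
    }
    return $data['accessToken']; // the application still validates this token server-side
}

// Called after a successful login; HttpOnly keeps the cookie away from page scripts.
function sendAuthCookie(string $accessToken, string $key): void
{
    setcookie(COOKIE_NAME, sealToken($accessToken, $key, time()), [
        'expires' => time() + COOKIE_TTL, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Constructed round trip. In a real application the key comes from server-side
// configuration; it is generated here only so the example runs stand-alone.
$key    = sodium_crypto_secretbox_keygen();
$cookie = sealToken('example-access-token', $key, time());
var_dump(openToken($cookie, $key, time()));

$raw     = base64_decode($cookie, true);
$raw[30] = chr(ord($raw[30]) ^ 1); // flip one bit of the ciphertext
var_dump(openToken(base64_encode($raw), $key, time()));
```

On later requests the application would pass `$_COOKIE['auth']` to `openToken()` and treat a `null` result as unauthenticated.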
Thank you! I will try the cookie approach!