Please do not store secrets in the local storage. They'd be accessible by any third party script loaded to your website, and one cross-site scripting attack away from leaking.
For more, please read "Please Stop Using Local Storage".
Some other considerations regarding session ID security: "On Securing Web Session Ids".
Thank you. I wasn't really sure on it🙏.
I'll check out the resources.
Definitely avoid storing your token in LocalStorage. Using an HttpOnly cookie might better serve you.
owasp.org/www-community/HttpOnly
I don't know the full context of your token needs but I would usually recommend using a JWT for granting access to an API. For most use cases they are a simple but effective solution.
blog.logrocket.com/jwt-authenticat...
Thanks Chris⚡