
How to securely store JWT in browser?

I'm using Angular 10 for the front end. I'm getting a JWT from back-end services. I need to store my Okta JWT securely in the browser. I read about storing the token in window.sessionStorage, window.localStorage, or an HTTP-only secure cookie. But I'm not sure how to avoid XSS and XSRF attacks.

What is the best approach to store JWT securely and traverse adhering to XSS and XSRF prevention?

Thanks in advance

It is not possible for the data held on the client side to be "secure". There is nothing more than a JsonWebToken implementation with a short expiration time. By keeping them in local storage, you can additionally encrypt them and decrypt them in the case of the need to use the token to communicate with the server.

I recommend reading this article by George Koniaris.
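One of the storage options the question lists, an HTTP-only secure cookie, combined with the short expiration the answer mentions, as an added example that is not part of the original post or answer. The cookie name access_token and the helper names are hypothetical; XSRF-TOKEN and X-XSRF-TOKEN are the defaults used by Angular's HttpClient XSRF support, and the JWT signature is assumed to be verified elsewhere by the back end.

```javascript
// Added example: framework-free server-side helpers; names are hypothetical.
// Read `exp` from a JWT the back end has already verified (no signature check here).
function jwtExp(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const claims = JSON.parse(atob(b64.padEnd(Math.ceil(b64.length / 4) * 4, "=")));
  if (!Number.isInteger(claims.exp)) throw new Error("JWT has no exp claim");
  return claims.exp;
}

// The JWT cookie is HttpOnly, so page scripts (and injected ones) cannot read it.
// The XSRF cookie stays readable so the client can echo it in a request header.
// xsrfToken must come from a CSPRNG; both cookies lapse when the JWT expires.
function buildAuthCookies(jwt, xsrfToken, nowSec) {
  const maxAge = jwtExp(jwt) - nowSec;
  if (maxAge <= 0) throw new Error("JWT already expired");
  const common = `Path=/; Secure; SameSite=Strict; Max-Age=${maxAge}`;
  return [`access_token=${jwt}; HttpOnly; ${common}`, `XSRF-TOKEN=${xsrfToken}; ${common}`];
}

function parseCookies(header) {
  const out = {};
  for (const pair of (header || "").split(";")) {
    const i = pair.indexOf("=");
    if (i > 0) out[pair.slice(0, i).trim()] = pair.slice(i + 1).trim();
  }
  return out;
}

// Compare without stopping at the first differing character.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Double-submit check: a state-changing request must carry the XSRF cookie value
// in a header, which a cross-site form or image request cannot set.
function xsrfOk(method, headers) {
  if (["GET", "HEAD", "OPTIONS"].includes(method.toUpperCase())) return true;
  const cookie = parseCookies(headers["cookie"])["XSRF-TOKEN"];
  const header = headers["x-xsrf-token"];
  return Boolean(cookie && header) && constantTimeEqual(cookie, header);
}

// Constructed sample token: placeholder signature, exp = 1700000300.
const samplePayload = btoa(JSON.stringify({ sub: "u1", exp: 1700000300 })).replace(/=+$/, "");
const sampleJwt = ["eyJhbGciOiJIUzI1NiJ9", samplePayload, "sig"].join(".");
```
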

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. For any questions, please contact: yoyou2525@163.com.

 