Is it safe and convenient to store jwt token in Localstorage or cookies and to store the user's-CodePudding

I am creating an authentication service in React and I am trying to find an ideal methodology of storing JWT from backend and storing in cookies or localhost and the data of user to store in context API to access user's data through out the web

CodePudding user response：

Yes that is the best way just store the jwt token inside your localstorage because every API also has some auth checks so if someone tries to erase that token then your API would fire the error message. And for user data instead of context API, I would recommend you to use redux for storing the user data.

CodePudding user response：

If jwt token has no private info, it is okay. Jwt token should have non-private infos. If you want some private info to jwt, then you should use session & cookies

CodePudding user response：

Use contextApi if you want to avoid props drilling, or sharing props to multiple components with in a drilling manner. It is meant to be sharing props in a component tree.

If your browser refreshes your data wouldn't be persisted , so if you want to share data to all the pages even after refresh consider using localstorage.

You should definitely store jwt token inside localstorage, but make sure to authenticate on every hoc of your components, so your props dont go stale.

Your Api's should be called on HOC's or parent components, where oAuth can be used to check the api url's header and accordingly when something changes your all the child components would get new data.