I was wondering what is the best practice for storing a JWT on the client? Also where is this JWT stored on the server for each account? Thanks !!!
Hi @RonaldRex-2335 ,
You need to do just like this:
1. Set up the .NET 5.0 Web API project.
2. Configure JWT authentication.
3. Generate the JWT token.
4. Validate the JWT token using custom middleware and a custom Authorize attribute.
5. Test the endpoint (API) with Swagger.
A JWT needs to be stored in a safe place inside the user's browser. Anyway, you shouldn't store a JWT in local storage (or session storage). If you store it in LocalStorage/SessionStorage, it can easily be grabbed by an XSS attack.
It depends on the security requirements and on whether refresh tokens are supported. The most secure option is to store it in memory.
The server does not need to store the token. It’s sent on each request, and the payload is clear text. The server just needs to verify the signature is valid.
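The stateless server-side check this answer describes, as an added example that is not part of the original thread: a minimal HS256 issue/verify pair in Python standing in for the ASP.NET JwtBearer middleware a .NET 5.0 project would use. The secret key and the claims are constructed for the demo; the server keeps no copy of any token and accepts one only if the signature matches and `exp` has not passed.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; a real service loads it from configuration, never source.
SECRET = b"demo-signing-key-not-for-production"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT base64url drops the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()


def issue_token(claims: dict, secret: bytes = SECRET) -> str:
    """Server side, at login: sign the claims; nothing is written to a token store."""
    header = _b64url_encode(_json({"alg": "HS256", "typ": "JWT"}))
    payload = _b64url_encode(_json(claims))
    sig = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_token(token: str, secret: bytes = SECRET, now=None):
    """Return the claims if the token is authentic and unexpired, otherwise None.
    The signature alone proves this server issued the payload unchanged."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm: the token's own 'alg' must never choose the check.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None  # payload or signature altered, or signed with another key
        claims = json.loads(_b64url_decode(payload_b64))
        now = time.time() if now is None else now
        if not isinstance(claims, dict) or now >= float(claims["exp"]):
            return None  # missing or passed expiry
        return claims
    except (ValueError, TypeError, KeyError):
        return None  # malformed token: wrong part count, bad base64/JSON, bad exp
```

A tampered payload (for example `sub` edited to another user) fails `compare_digest` because the attacker cannot recompute the HMAC without the key, which is exactly why the server never needs to remember the token.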