JWT: Where to store JWT in the browser frontend?

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
json web token is a standard for sharing json data that are protected by a cryptographic signature it is the most common method of authorization of services on the internet but the question is once your service issues the token where should your front and store it you want to strongly avoid anyone getting access to the identity or access token of another user through cross-site request forgery or cross-site scripting what method of storing jwt in the browser you use is super important because you want to make it very hard for anyone to hack your application if you store jwt in a cookie cookies have the advantage that they are automatically sent together with each request so you don't need to deal with any authorization header that makes them much easier to implement cookies are still open to cross-site requests forgery because of csrf you should also implement csrf tokens csrf token is a random string sent as a cookie with each request and it is different for each of those requests you should also use http only flag to make the cookie available on the server side a cookie with this flag attribute is inaccessible to the javascript document cookie api it is sent only to the server a cookie with the secure attribute is sent to the server only with an encrypted request over https protocol however on locals only you can still use http for jwt in web storage you can choose between local storage and session storage the difference between these two is that local storage is more permanent session storage is cleared when the user closes the website window local storage data have to be explicitly deleted unlike cookies local storage is sandbox to a specific domain and its data cannot be accessed by any other domain including subdomains but remember that you are still open to cross-site scripting both cookie and web street solutions can be a target of cross-site scripting local storage is used the most in jwd implementations however session storage is the more secure option here with local storage gwt is not passed with each request automatically and you need to pass it to the server through an authorization header yourself the most secure solution here is to store gwt in memory of your single page application this means that you end up storing the token in a javascript variable without additional persistence this comes with some limitations you cannot implement a single sign-on and each tab or open window in a browser will require their own sign-in because javascript memory is not shared however the sharing issue can be worked around by the use of a refresh token this solution is of course still open to gross site scripting like all the other solutions you will need to pass the jwt with each request using an authorization header the same way as you would with web storage and that's everything for the video today i hope that you enjoyed it as much as i enjoyed making it and you can find all the materials and source code in the description of the video see you with the next one bye
Info
Channel: 7urtle JavaScript
Views: 408
Rating: undefined out of 5
Keywords: json web token, jwt, javascript, authentication, authorization, security
Id: occfnVaZOXI
Channel Id: undefined
Length: 3min 12sec (192 seconds)
Published: Tue Nov 16 2021
Related Videos
Cookies, Sessions, JSON Web Tokens (JWT) and More 🍪🔐
LearnWebCode
28K
Fullstack Authentication with Refresh Access Tokens (Node, Next.js, Typescript)
flolu
3.4K
How to use JWT with SvelteKit and Strapi
Brayden Girard
5.6K
How JWT Works - Client and Server
Steve Griffith - Prof3ssorSt3v3
7.4K
JWT Authentication using FrontEnd | Implementing Refresh and Access Tokens in ReactJS
Mano Sriram
24K
JWT Authentication with Node Crash Course
Laith Harb
10K
Secret Codes: A History of Cryptography (Part 1)
The Generalist Papers
13K
What makes JSON Web Tokens (JWT) secure?
Hasgeek TV
31K
I bought 1000 meters of wire to settle a physics debate
AlphaPhoenix
584K
The Ultimate guide to JWT client side authentication (Stop Using Local Storage !!!)
Kati Frantz
41K
Using HttpOnly cookies in React & Node | Storing JWT Tokens or SessionID Securely
Rahul Ahire
26K
Dan Abramov SLAYS Frontend Interview w/ Ex-Twitch Engineer
Theo Browne
15K
React Router basics and advanced tips
7urtle JavaScript
1K
Build Login/Register API Server w/ Authentication | JWT Express AUTH using Passport.JS and Sequelize
CoderOne
11K
React JWT Authentication - Generate New Access Tokens without Logging In Again
Hong Ly
363
Making a Simple Hydrogen Generator from Washers
Maciej Nowak Projects
4M
5 Easy Steps To Master Currying And Higher-Order Functions In JavaScript
7urtle JavaScript
701
100% Stateless with JWT (JSON Web Token) by Hubert Sablonnière
Devoxx
107K
Spring Boot Form Handling with Spring Form tags and JSP
Code Java
16K
Why You Will Marry the Wrong Person
The School of Life
5M
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.