0
votes

I have created an app with JWT authentication. The flow is simple: I provide a user ID and password to the server, and if authenticated it returns a JWT. I store the JWT token in session storage and allow the user to log in, and then for every request I created an interceptor with axios that sends the token from session storage, and everything works fine.

But I am confused: when the user logs in, the JWT can be seen in sessionStorage. So is there any secure way to store the JWT so that it can't be seen, and are there any securing steps to be taken in the current workflow to secure the app?

1

1 Answer

0
votes

There is no problem with the user being able to see the JWT. Let us assume that you are the user: being able to see the JWT is something like being able to know the password. The only time an issue can arise is if a third person gets to know the JWT.

The places where a JWT can be stored are mostly either sessionStorage, localStorage or cookies, with each having its own advantages and disadvantages in the security it provides. And in all methods, the JWT can be seen by the user.

Read the second part of this article, on the difference between saving in storage and cookies, and how to secure the JWT in each method.
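The following is an added example, not code from the question or the answer above. It models the three things the thread talks about: a JWT whose claims are readable by whoever holds it (so the user seeing it is expected), an axios-style request interceptor that attaches the token from sessionStorage, and the server-side HttpOnly-cookie alternative mentioned in the answer. The token is a constructed sample with a placeholder signature, and sessionStorage is replaced by an in-memory stand-in so the file runs under Node without a browser or a server; the function names are my own.

```javascript
// Added example, not from the original post or answer.
// Demonstrates: (1) JWT claims are only base64url-encoded, so any holder can
// read them; (2) an axios-style interceptor that sends a Bearer token from
// storage; (3) a Set-Cookie header for the HttpOnly-cookie alternative.

function base64url(str) {
  return Buffer.from(str, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function fromBase64url(str) {
  const padded = str.replace(/-/g, '+').replace(/_/g, '/')
    + '='.repeat((4 - (str.length % 4)) % 4);
  return Buffer.from(padded, 'base64').toString('utf8');
}

// Constructed sample token. The third part is a placeholder, not a real
// HMAC: the point here is that header and payload are not encrypted.
function makeSampleJwt(payload) {
  const header = { alg: 'HS256', typ: 'JWT' };
  return `${base64url(JSON.stringify(header))}.${base64url(JSON.stringify(payload))}.placeholder-signature`;
}

// Anyone holding the token (the legitimate user, or someone who obtained it)
// can read its claims like this. The user seeing the JWT is therefore normal;
// the risk is the token reaching a third party.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  return JSON.parse(fromBase64url(parts[1]));
}

// Client-side expiry check on the exp claim (seconds since epoch), useful
// before sending a request so a stale token is dropped rather than sent.
function isExpired(token, nowSeconds) {
  const { exp } = decodeJwtPayload(token);
  return typeof exp !== 'number' || exp <= nowSeconds;
}

// Equivalent of the question's axios request interceptor:
//   axios.interceptors.request.use(cfg => attachBearer(cfg, sessionStorage));
// `storage` is anything exposing getItem(), so the Map-backed stand-in below
// works in place of window.sessionStorage.
function attachBearer(config, storage) {
  const token = storage.getItem('jwt');
  const headers = { ...(config.headers || {}) };
  if (token) headers.Authorization = `Bearer ${token}`;
  return { ...config, headers };
}

// Server-side alternative from the answer: deliver the JWT in a cookie that
// page scripts cannot read (HttpOnly). SameSite limits the browser sending it
// on cross-site requests; Secure restricts it to HTTPS.
function buildSessionCookie(name, token, maxAgeSeconds) {
  return [
    `${name}=${encodeURIComponent(token)}`,
    'HttpOnly',
    'Secure',
    'SameSite=Strict',
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
  ].join('; ');
}

// Constructed in-memory stand-in for window.sessionStorage.
function makeMemoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  const token = makeSampleJwt({ sub: 'alice', exp: 1700000000 });
  const storage = makeMemoryStorage();
  storage.setItem('jwt', token);
  console.log('claims visible to the holder:', decodeJwtPayload(token));
  console.log('request config:', attachBearer({ url: '/api/profile' }, storage));
  console.log('cookie header:', buildSessionCookie('jwt', token, 3600));
}

module.exports = { makeSampleJwt, decodeJwtPayload, isExpired, attachBearer, buildSessionCookie, makeMemoryStorage };
```

The trade-off the answer alludes to shows up in the two transport functions: with `attachBearer`, any script running in the page can read the token from storage, while with `buildSessionCookie` the browser sends the cookie automatically and scripts cannot read it, so the server then needs a cross-site request defence (here `SameSite=Strict`) instead of relying on the Authorization header.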