Interesting topic. Since I'm creating my first real, bigger project with a Node.js API and React Redux client, I need authentication.
Now I'm at the point where I don't know how to handle authentication "the right way".
I've read many topics about it, but the opinions differ.
So at first there are the people that say instantly: Don't use localStorage with JWT.
For example here is an article: https://dev.to/rdegges/please-stop-using-local-storage-1i04
Here is another article from auth0: https://auth0.com/docs/security/store-tokens
But then I dug deeper into the wide world of authentication and I found many people stating:
"localStorage is as secure as a cookie"
For example from the first article the first comment, the third reply (here is a link: https://dev.to/jondubois/comment/373l )
I mean, he has a point, right? I've also read some other articles and comments that say it's perfectly fine to store it in localStorage if you are not a bank with very sensitive data.
So here I am in 2019, not a beginner but also not an experienced developer, asking myself how I should implement this authentication flow without it being too overcomplicated (there are flows for storing the JWT in an httpOnly cookie, for example) but, on the other hand, also not very easy to hack.
I'm trying to create a forum application. You can register, create your own forum and then other users can register for this forum. So basic authentication where I just send the user_id and token with the JWT.
I would really appreciate hearing your opinions and recommendations, guys.