simple_token_authentication

Where should I store the token on the frontend?

Open imgyf opened this issue 4 years ago • 2 comments

Hey @gonzalo-bulnes, I love your super simple gem for API authentication.

I'm wondering what's the most secure way to store the token on the frontend. Could you advise, please? Thanks.

imgyf, Jun 11 '20 08:06

localStorage, you can encrypt before storing if you want

swikars1, Nov 06 '20 12:11

@gohyifan check this https://pragmaticstudio.com/tutorials/rails-session-cookies-for-api-authentication

As for localStorage, it's kinda dangerous because it's vulnerable to XSS attacks.

buncis, Jan 01 '21 07:01

@imgyf Indeed, the short answer is that you should probably not store these tokens on the frontend. I've added a note about this in the README.

Thanks for the helpful reference @buncis!

gonzalo-bulnes, Dec 27 '22 04:12