Is the JWT stored in local storage?
Hey, it looks to me (just investigated js library) that under the hood for Auth, it's authenticating and then storing that jwt returned in local storage for its entirety until it's invalid and you need to login again.
Is this a correct interpretation? If so, I thought it wasn't secure to do so as it creates XSS risks? Thanks in advance, just learning!
Is this a correct interpretation? If so, I thought it wasn't secure to do so as it creates XSS risks? Thanks in advance, just learning!
