Best practice for storing JWT token
Hi all!
Currently I'm developing an internal organizational Nuxt 3 web app that is not exposed to the internet. I have a backend API implemented in Golang and another mobile app that is exposed to the internet (i.e. 1 web app (private), 1 backend API (public), 1 mobile app (public)).
Originally, the backend API sent the JWT (access/refresh token) in the response body to the mobile app, but now that I'm adding the web app, I wasn't sure if I should use a session cookie to store the JWT instead of including the token in the response body.
How do you usually store the token in the browser? Given that this is an internal organizational web app, will it be alright to store the token in local/session storage? What kind of risks do I have for storing it in local/session storage for a private web app?
Also, I wasn't sure if I wanted to use other Nuxt 3 modules like sidebase auth. I took a look at an example from sidebase, and it seemed like it was implementing the auth logic on the server side of the Nuxt app instead of using a custom backend API solution (like Golang in my case). I mainly wanted to use an auth library because I wasn't sure if my own implementation would be secure enough.
So, TL;DR:
1. Is it secure to store the JWT in local/session storage (for a private app not exposed to the internet)?
2. Any recommendation for an auth library for a custom backend API?
3. Advice on best practices for authentication using JWT (not OAuth) for an SSR application?
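The cookie-versus-response-body choice the post raises, shown as an added Go example (not the poster's backend and not code from Nuxt or sidebase). The cookie names, the `/auth/login` and `/auth/refresh` paths, the `X-Client: web` header used to tell browser clients from the mobile app, and the placeholder token strings are all assumptions made for this example; a real handler would mint signed JWTs. The point it demonstrates is the difference in exposure: a token in local/session storage is readable by any script running on the page, while an `HttpOnly` cookie is sent by the browser but never readable from JavaScript, so the same backend can keep returning tokens in the body for the mobile app and switch to cookies for the browser.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// Cookie names and paths are assumptions for this example, not the poster's.
const (
	accessCookie  = "access_token"
	refreshCookie = "refresh_token"
	refreshPath   = "/auth/refresh"
)

// setTokenCookie stores a JWT in a cookie that page scripts cannot read:
// HttpOnly blocks document.cookie access (the exposure local/session storage
// has), Secure keeps it off plaintext HTTP, SameSite=Strict stops the browser
// attaching it to cross-site requests, and Path limits where it is sent.
func setTokenCookie(w http.ResponseWriter, name, token, path string, ttl time.Duration) {
	http.SetCookie(w, &http.Cookie{
		Name:     name,
		Value:    token,
		Path:     path,
		MaxAge:   int(ttl.Seconds()),
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteStrictMode,
	})
}

// loginHandler stands in for the backend's login endpoint. Browser clients
// (identified by the constructed "X-Client: web" header) get both tokens as
// cookies; the mobile app keeps receiving them in the JSON body.
func loginHandler(w http.ResponseWriter, r *http.Request) {
	// Placeholder values; a real handler would issue signed JWTs here.
	access, refresh := "access.jwt.placeholder", "refresh.jwt.placeholder"
	if r.Header.Get("X-Client") == "web" {
		setTokenCookie(w, accessCookie, access, "/", 15*time.Minute)
		// The long-lived refresh token is only ever sent to the refresh endpoint.
		setTokenCookie(w, refreshCookie, refresh, refreshPath, 7*24*time.Hour)
		w.WriteHeader(http.StatusNoContent)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	_ = json.NewEncoder(w).Encode(map[string]string{
		"access_token": access, "refresh_token": refresh,
	})
}

// bearerFromRequest lets one backend serve both clients: the mobile app sends
// an Authorization header, the web app's browser sends the HttpOnly cookie.
func bearerFromRequest(r *http.Request) string {
	if h := r.Header.Get("Authorization"); strings.HasPrefix(h, "Bearer ") {
		return strings.TrimPrefix(h, "Bearer ")
	}
	if c, err := r.Cookie(accessCookie); err == nil {
		return c.Value
	}
	return ""
}

// cookieAttributes runs the login handler as a web client and reports, per
// cookie, whether it carries HttpOnly, Secure and SameSite=Strict.
func cookieAttributes() map[string]bool {
	req := httptest.NewRequest(http.MethodPost, "/auth/login", nil)
	req.Header.Set("X-Client", "web")
	rec := httptest.NewRecorder()
	loginHandler(rec, req)
	out := map[string]bool{}
	for _, c := range rec.Result().Cookies() {
		out[c.Name] = c.HttpOnly && c.Secure && c.SameSite == http.SameSiteStrictMode
	}
	return out
}

func main() {
	fmt.Println(cookieAttributes())
}
```

With cookies, the browser attaches the token to every matching request on its own, so the backend must still reject cross-site state-changing requests (SameSite=Strict does this in current browsers; an origin or CSRF-token check covers the rest), and the refresh cookie's narrow `Path` keeps the long-lived token from riding along on ordinary API calls.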
