11

I am building a React-redux spa and i am using an API built on node + express + jwt-simplea module and passport.js

When the user logs in with username/password, the server validates those credentials and sends the client back a JSON web token that they must then send along with every API request. So the React-redux app must store this token.

How do I securely store this client token in the React-redux app? Which plan to work with web tokens I must follow, and how best to implement user authentication on the client with react-redux.

Thanks for any help )

Ростислав Падалко
  • 227
  • 2
  • 12

1 Answers1

5

There's an article here (https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage/) that details the main options, cookies or localStorage/sessionStorage. Cookies are what seem to be recommended.

I used the axios library to make the initial authentication post request and receive the JWT response. From there, I used the react-cookie library to save the JWT in a cookie called token, which I pass forward in the Authorization header for any requests that require authentication.

Josh Slate
  • 774
  • 5
  • 17