I have some questions about the login process in LoopBack 3 and modern SPA
- The access token generated from users/login is JWT?
- How to properly (safely) store a token generated from users/login on the modern SPA side? Just save them in localStorage or Cookies and after reading, attach them to API queries?