DEV Community

amineamami
amineamami

Posted on • Edited on

How should one handle Authentication in Single page application

I was wondering what approach would be best to handle authentication in SPA (JWT , oauth 2 implicit flow ... ) if jwt where would you recommend to store the access_token ?

Thanks in advance

Top comments (7)

Collapse
 
rhymes profile image
rhymes

Hi @amineamami , unfortunately there's no easy answer to this. Depends on your requirements and in part on the technologies you're using and/or have available.

In general a lot people using JWT store the token in the local storage even though it can be a security issue because the local storage is accessible from all JS (which means in theory also malicious code).

There was a really interesting article and ensuing discussion on this topic:

If you can tell me more details about what you're using on the client and on the server maybe we can find a proper tutorial on how to use jwt or more secure alternatives.

Collapse
 
amineamami profile image
amineamami

Thanks for the replay.
Mainly angular 6 and spring boot security

Collapse
 
rhymes profile image
rhymes

Googling "angular spring boot security" I found the following tutorials that might help:

:-)

Thread Thread
 
amineamami profile image
amineamami

I ended up droping oauth 2 implicit flow and jwt solutions for cookie session token stored into redis

Thread Thread
 
rhymes profile image
rhymes

Make sure the cookie is secure ✌🏾

Thread Thread
 
amineamami profile image
amineamami

Http only and secured = true

Thread Thread
 
rhymes profile image
rhymes

perfect! :D