My name is Mody Tal, my email is email@example.com, and I have purchased and watched the video of the course: Angular - The Complete Guide (2020 Edition).
Well, just a small question. In lecture 303, “Auto Login”, you mentioned that the web API (for authentication), which is Firebase in our case,
should return a token with info on the authenticated user, and you also mentioned that the JWT token should be stored in local storage.
However, when I googled “put authentication in local storage”, I came across the question: Is it safe to store the auth token in local storage?
Here is an answer I got from Google about storing authentication info in local storage:
"A JWT needs to be stored in a safe place inside the user’s browser. If you store it inside localStorage, it’s accessible by any script inside your page (which is as bad as it sounds, as an XSS attack can let an external attacker get access to the token). Don’t store it in local storage (or session storage)."
So, the question is: where should I store the token? Because both local storage and cookies are visible to the user (as you have mentioned, they can inspect the local storage or cookies from the Application tab in the Google Chrome inspector, and they can even modify the local storage, I think).
I hope you can answer my question as I want to make authentication as secure as possible.
Thanks,
Mody Tal