I understand that the best practices are to use Auth0 Single Page App SDK and not store tokens in local storage. I am currently trying to understand how secure auth0-spa-js is but I can not find any information on the architecture for that library. Internally, how does auth0-spa-js store both access…

Yes, that applies in the same way for this grant type, if the client is a SPA. It’s also the grant type that the auth0-spa-js uses.

How does auth0-spa-js store tokens

Help

npatel September 12, 2019, 9:50am 6

did you set the audience correctly? that should enable JWT access_token instead of a string access token.
Can you also check what is getting sent in headers

1 Like

Auth0/auth0-spa-js Access token refresh?

Topic		Replies	Views
New auth0 spa js Help	4	3164	October 4, 2019
Auth0-react maintaining authentication on page refresh Help refresh , auth0-react	2	3443	January 12, 2021
If SPA's don't use refresh tokens, why is there a setting for them? Help	4	2938	August 12, 2020
Storing Auth0 tokens in session storage instead of local storage Help id_token , access-token , auth0-spa-js	4	15666	May 24, 2021
SPA & Refresh Token Help auth0 , spa , refresh-tokens	4	3053	May 27, 2020

How does auth0-spa-js store tokens

Related topics