Should I store JWT tokens in IndexedDB?

karandave09 · May 20, 2021, 9:31am

After reading some articles, I realize that using localStorage and sessionStorage is a bad idea for storing JWT tokens, and cookies with httpOnly should be used instead.

As I read more and learn some about indexedDB today, I wonder if indexedDB is a secure option for storing JWT tokens as well?

Ref link: cookies - Should I store JWT tokens in IndexedDB? - Stack Overflow

dan.woda · May 24, 2021, 8:18pm

Hi @karandave09,

Welcome to the Community!

It looks like indexedDB is subject to the same risks as localstorage and won’t solve for this.

karandave09 · May 27, 2021, 7:40am

Hey @dan.woda,

Thank you for your reply.

Wanted a suggestion;
So where should one store jwt token for a complete client-side (kind of a widget) single page application?

dan.woda · May 27, 2021, 7:06pm

We recommend refresh token rotation, or silent authentication (based on a cookie session), to get new access tokens in SPAs without leaving them vulnerable to XSS attacks in localstorage.

If you haven’t looking into using our SPA SDK, I highly recommend it.

system · June 11, 2021, 7:07pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Which is the best way to store the auth0 token for a web app JWT.io auth0 , localstorage	7	13399	September 2, 2019
Alternative to local storage for storing token Help	10	14182	September 3, 2019
Is auth0-spa-js storing tokens in localStorage vulnerable to XSS? Help auth0-spa-js	5	4636	February 11, 2022
Best Practices on PKCE Token Storage in Nuxt Static Site JWT.io jwt , auth0 , vuejs , static	1	4807	August 3, 2021
Storing Auth0 tokens in session storage instead of local storage Help id_token , access-token , auth0-spa-js	4	15509	May 24, 2021

Should I store JWT tokens in IndexedDB?

Related Topics