Should I store JWT tokens in IndexedDB?

After reading some articles, I realize that using localStorage and sessionStorage is a bad idea for storing JWT tokens, and cookies with httpOnly should be used instead.

As I read more and learn something about IndexedDB today, I wonder if IndexedDB is a secure option for storing JWT tokens as well?

Ref link: cookies - Should I store JWT tokens in IndexedDB? - Stack Overflow

Hi @karandave09,

Welcome to the Community!

It looks like IndexedDB is subject to the same risks as localStorage and won’t solve for this.


Hey @dan.woda,

Thank you for your reply.

I wanted a suggestion:
So where should one store a JWT token for a completely client-side (kind of a widget) single-page application?

We recommend refresh token rotation, or silent authentication (based on a cookie session), to get new access tokens in SPAs without leaving them vulnerable to XSS attacks in localStorage.

If you haven’t looked into using our SPA SDK, I highly recommend it.
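
The refresh token rotation recommended above, as an added example that is not part of the thread and not Auth0's code: each refresh token is single-use, and the example goes one step beyond the reply by revoking every token from the same login when an already-used token is presented again. The class and method names and the in-memory store are assumptions made for illustration.

```javascript
// Added example: server-side refresh token rotation with reuse detection.
// RotatingTokenStore, issue and rotate are hypothetical names, not a real API.
const crypto = require("node:crypto");

class RotatingTokenStore {
  constructor() {
    this.tokens = new Map();  // sha256(token) -> { family, used }
    this.revoked = new Set(); // families revoked after reuse was detected
  }

  // Store only a hash, so a leaked store does not leak usable tokens.
  static hash(token) {
    return crypto.createHash("sha256").update(token).digest("hex");
  }

  // Mint a new single-use refresh token; one family per interactive login.
  issue(family = crypto.randomUUID()) {
    const token = crypto.randomBytes(32).toString("base64url");
    this.tokens.set(RotatingTokenStore.hash(token), { family, used: false });
    return { token, family };
  }

  // Exchange a refresh token for its successor in the same family.
  rotate(token) {
    const rec = this.tokens.get(RotatingTokenStore.hash(token));
    if (!rec) return { ok: false, reason: "unknown" };
    if (this.revoked.has(rec.family)) return { ok: false, reason: "family_revoked" };
    if (rec.used) {
      // A used token came back: two parties hold it, so end the whole session.
      this.revoked.add(rec.family);
      return { ok: false, reason: "reuse_detected" };
    }
    rec.used = true;
    return { ok: true, ...this.issue(rec.family) };
  }
}

// Constructed scenario: token t1 is held by two parties and presented twice.
function demo() {
  const store = new RotatingTokenStore();
  const t1 = store.issue().token;
  const first = store.rotate(t1);          // first presentation succeeds
  const second = store.rotate(t1);         // second presentation is a replay
  const after = store.rotate(first.token); // the successor token is dead too
  return [first.ok, second.reason, after.reason];
}

console.log(demo());
```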
