Setup: Proxy Server handles domain and routes requests Micro Frontends domain/app1, domain/app2, etc. Distributed APIs domain/api/app1, domain/api/app2, etc. Proposed Flow: Auth flow started by user using auth code grant Backend receives auth code grant, exchanges for access token, and s…

Hi @sam2099 , Welcome to the Auth0 Community! Answering this since it might help others as well. Your understanding is very on point! Generally storing access tokens in the browser directly is not recommended, but Auth0 recommends storing tokens in browser memory as the most secure option. Using We…

Storing access tokens in HttpOnly Secure SameSite=Strict cookie?

Get Help

system Closed May 14, 2025, 4:51pm 3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Where to store refresh token on WEB? JWT.io jwt , login	2	4844	July 8, 2019
Securing access tokens in SPA + API Get Help spa , rest-api	4	5641	August 2, 2019
Isn't storing a JWT in a non-httponly cookie just as insecure as local storage? JWT.io cookie , localstorage	4	9432	August 21, 2020
Authorization Code Flow Implementation: Access Token vs Cookie-Based Authentication from Browser Get Help	2	6860	September 1, 2022
Store Auth0 JWT in httpOnly cookie Get Help jwt-security , api , client , cookie	8	15106	March 24, 2020

Storing access tokens in HttpOnly Secure SameSite=Strict cookie?

Related topics