
Which is the best way to store the auth0 token for a web app

auth0
localstorage

#1

Which is the best way to store the auth0 token?
Is that localstorage?
All over the auth0 js docs, it is mentioned to store the tokens in localstorage.


#2

It depends on the web app. For regular web applications, the best place to store the token is in the server-side session. For client-side applications, the best place to store tokens is in memory. This, however, comes with challenges in itself, but it is considered the best place. In other words, the more transient the storage facility, the better. Our auth0 quickstarts all use localstorage. We like to use localstorage in our quickstarts so our applications can survive a page refresh and mitigate against CSRF, but they can be vulnerable to XSS if you don’t take care in your implementation of your application.
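
As an added example (not part of the post above and not Auth0's code), this shows the in-memory option for a client-side application together with the challenge it brings: the token is gone after a page refresh, so it has to be obtained again. `createTokenStore`, `renew` and the `{ accessToken, expiresIn }` shape are assumptions made for illustration.

```javascript
// Token is held in a closure and never written to localStorage/sessionStorage,
// so script injected into the page cannot read it out of web storage.
// `renew` is a hypothetical caller-supplied async function that obtains a
// fresh token (for example via the identity provider's silent re-authentication).
function createTokenStore(renew, now = () => Date.now()) {
  let token = null;   // lives only in this closure; lost on page refresh
  let expiresAt = 0;  // epoch milliseconds
  let pending = null; // shared promise so concurrent callers trigger one renewal

  async function get() {
    // 30 s safety margin so a token is not sent just as it expires
    if (token && now() < expiresAt - 30000) return token;
    if (!pending) {
      pending = renew()
        .then(({ accessToken, expiresIn }) => {
          token = accessToken;
          expiresAt = now() + expiresIn * 1000;
          return token;
        })
        .finally(() => { pending = null; });
    }
    return pending;
  }

  // Call on logout so the token does not outlive the session.
  function clear() {
    token = null;
    expiresAt = 0;
  }

  return { get, clear };
}
```

After a refresh the store starts empty, so the first `get()` calls `renew`; that is the cost of not persisting the token.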