Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The following is the recommended approach:

  • Store refresh token in one of the following methods:

    • Serverside (best option)

    • In a cookie. Make sure to set HTTP-Only=true to prevent misuse.

  • Store access token and id token using one of the following methods where design allows:

    • Serverside (best option)

    • Local Storage (2nd best option)

    • Session Storage (be careful because these are cleared when tabs close)

...