Hello,
Since yesterday I’m experimenting with okta. The angular example was a good starting point.
https://github.com/okta/samples-js-angular
When doing research I found out that it is insecure to store tokens in localstorage. This way of storing the token is vulnerable to XSS. My question is why does this example store the token in localstorage instead of a safer method?
Some links I used for Research:
https://dev.to/rdegges/please-stop-using-local-storage-1i04
https://www.youtube.com/watch?v=GdJ0wFi1Jyo
https://logrocket.com/blog/jwt-authentication-best-practices/