Do you query the local store every time to get the token before making API calls?
Is it good practice to pick up the token from local storage for every API call?
Context: I'm working with a very old legacy codebase which uses oidc client with React. There are no auth cookies; the JWT token is stored directly in local storage.
The issue: if the token expires in, let's say, 2 min, oidc client makes calls to the auth server for token renewal and stores this token in the local store. But this change is not picked up by the axios instance. It keeps using the old token.
The cause: the token is set on the instance when the app first loads, in a useEffect, and then never updated again. My friend tells me it should be fine to query the local store for each request. But it doesn't seem right. Is this how it's done?
3 Replies
Local storage is generally unsafe and a bad idea for storing things like tokens; it's best to use cookies, most especially httpOnly cookies (and server sessions).
DEV Community
Please Stop Using Local Storage
Local storage shouldn't be used to store sensitive data. It's unsafe!
1. I subscribe to what @Jotas said
2. It's fine to pick up the token with every API call
I am using Auth0 OIDC with actions:
User logs in and an encrypted session token gets saved in a cookie. Every time the user opens a page requiring data from an API, the action requests a new access token (with the refresh token) and uses it to further call the backend.
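
Added example, not code from the thread: the stale-token bug described in the question next to the per-request read suggested in the replies. The storage key, the stored JSON shape (`access_token`, `expires_at` in seconds), the in-memory storage and the fake fetch are assumptions made for the demo; with axios the per-request read would go in a request interceptor.

```javascript
// Added example. STORAGE_KEY, memoryStorage and the fake fetch in demo() are constructed stand-ins.
const STORAGE_KEY = "oidc.user:https://auth.example/:spa-client"; // assumed key

function memoryStorage() {
  const m = new Map();
  return { getItem: (k) => (m.has(k) ? m.get(k) : null), setItem: (k, v) => m.set(k, String(v)) };
}

// Return the stored access token, or null if missing, malformed or expired.
function readAccessToken(storage, key, nowSec = Math.floor(Date.now() / 1000)) {
  try {
    const user = JSON.parse(storage.getItem(key) || "null");
    if (!user || typeof user.access_token !== "string") return null;
    if (typeof user.expires_at === "number" && user.expires_at <= nowSec) return null;
    return user.access_token;
  } catch {
    return null;
  }
}

// The bug from the question: the token is read once, when the client is created.
function createSnapshotClient(fetchImpl, storage, key) {
  const token = readAccessToken(storage, key);
  return (url) => fetchImpl(url, { headers: { Authorization: `Bearer ${token}` } });
}

// The fix: resolve the token at send time, and refuse to send without a valid one.
function createPerRequestClient(fetchImpl, storage, key) {
  return (url) => {
    const token = readAccessToken(storage, key);
    if (!token) return Promise.reject(new Error("no valid access token"));
    return fetchImpl(url, { headers: { Authorization: `Bearer ${token}` } });
  };
}

// Simulate a renewal between client creation and the first request.
function demo() {
  const storage = memoryStorage();
  const sent = [];
  const fakeFetch = (url, init) => { sent.push(init.headers.Authorization); return Promise.resolve({ status: 200 }); };
  const now = Math.floor(Date.now() / 1000);
  const save = (t) => storage.setItem(STORAGE_KEY, JSON.stringify({ access_token: t, expires_at: now + 120 }));
  save("token-1");
  const stale = createSnapshotClient(fakeFetch, storage, STORAGE_KEY);
  const fresh = createPerRequestClient(fakeFetch, storage, STORAGE_KEY);
  save("token-2"); // what the OIDC client does on renewal
  stale("/api/items");
  fresh("/api/items");
  return sent; // ["Bearer token-1", "Bearer token-2"]
}
```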