Michal Trojanowski questions

Michal Trojanowski answers

• Is it safe and convenient to store jwt token in Localstorage or cookies and to store the user's data in Context API
• what is jwks? what actully does jwks with refresh and access tokens?
• Authentication Header for HTML Post form
• Where to store JWT token in react / client side in secure way?
• Is there a way to remove 'iat' option from jwt payload in jsonwebtoken library typescript?
• Should JWT access tokens contain PII?
• How to implement Refresh Token rotation
• Why is BFF pattern deemed safer for SPA's?
• Is there any reason to use HTTP header authorization to send JWT token instead of cookie?
• Why is refresh token is more secure & why do we use refresh token if it can also be stolen?