I'm trying to understand authentication in ASP.NET Web API 2. In my application, I use the VS 2013 template, which implements OAuth 2.0 and uses a bearer token (JWT, as I recall). My question is: what is the best way to save the token on the client side? In his book, Badrinarayanan Lakshmiraghavan describes the bearer token as
A bearer token is like cash: finders keepers.
Therefore, is it safe to store it in a cookie? Doesn't this mean that whoever steals the cookie gets full access to the application? On the other hand, I could encrypt the token using a hash before storing it in a cookie. Would that be safe enough? Are there any other alternatives? I saw several similar questions on Stack Overflow, but did not find a satisfactory answer.