Hi there,
I am not sure that the way we handle authorization from the UI is the best practice as of today,
and since we already have some JWS auth mechanism in our server,
I believe we should use it also for the UI.
I found a nice post about it where the JWT token is being stored in HTTP-Only cookies, which are not accessible via JavaScript, and items stored in such cookies are not vulnerable to exposure via an XSS attack:
I would like to know if there is someone with more experience on the server side than me
who wants to work on this together…?