I am trying to implement JWT in my authentication system and I have questions about JWT.
For saving the token, I would use a cookie, but it is also possible to use localStorage or sessionStorage;
what would be the best choice?
I have read that JWT protects the site from CSRF. I cannot imagine how that would work.
Assume I save the JWT token in cookie storage; how would it then protect from CSRF?
I saw some samples on the internet like
curl -v -X POST -H "Authorization: Basic VE01enNFem9FZG9NRERjVEJjbXRBcWJGdTBFYTpYUU9URExINlBBOHJvUHJfSktrTHhUSTNseGNh"
Look at this web site: https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/
If you want to store them, you should use localStorage or sessionStorage if available, or cookies. You should also use the Authorization header, but instead of the Basic scheme, use the Bearer one:
curl -v -X POST -H "Authorization: Bearer YOUR_JWT_HERE"
With JS, you could use the following code:
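
A small model of why a token sent in the Bearer header resists CSRF while the same token in a cookie does not, as an added example that is not part of the original answer. It assumes a cookie set without SameSite restrictions; the origins, the token and all function names are constructed for illustration.

```javascript
// Constructed model, no network I/O: what a browser attaches to a request
// and how an API would pick the token out of it.
const APP_ORIGIN = "https://app.example";      // hypothetical site that issued the token
const SAMPLE_JWT = "header.payload.signature"; // constructed placeholder, not a real JWT

// Cookies for the target site ride along on every request to it, whichever page
// triggered the request. An Authorization header exists only if page script adds
// it, and web storage is readable only by script running on the owning origin.
function browserRequest({ cookieJar, storage, scriptOrigin }) {
  const headers = {};
  if (cookieJar.token) headers.cookie = `token=${cookieJar.token}`;
  const readable = scriptOrigin === APP_ORIGIN ? storage.token : undefined;
  if (readable) headers.authorization = `Bearer ${readable}`;
  return { headers };
}

// Server side: extract the token from the cookie or from the Bearer header.
// Signature and expiry verification of the JWT are out of scope for this model.
function tokenFromCookie(req) {
  const m = /(?:^|;\s*)token=([^;]+)/.exec(req.headers.cookie || "");
  return m ? m[1] : null;
}

function tokenFromBearer(req) {
  const m = /^Bearer\s+(\S+)$/.exec(req.headers.authorization || "");
  return m ? m[1] : null;
}

// Returns true when a request triggered by a page on scriptOrigin would
// arrive at the API carrying the user's token.
function isAuthenticated(tokenLocation, scriptOrigin) {
  const cookieJar = tokenLocation === "cookie" ? { token: SAMPLE_JWT } : {};
  const storage = tokenLocation === "localStorage" ? { token: SAMPLE_JWT } : {};
  const req = browserRequest({ cookieJar, storage, scriptOrigin });
  const token = tokenLocation === "cookie" ? tokenFromCookie(req) : tokenFromBearer(req);
  return token !== null;
}

for (const where of ["cookie", "localStorage"]) {
  for (const origin of [APP_ORIGIN, "https://other.example"]) {
    console.log(`${where} token, request from ${origin}:`, isAuthenticated(where, origin));
  }
}
```

A cookie-stored token therefore still needs a CSRF defence of its own (a SameSite attribute or an anti-CSRF token), while a token in web storage is readable by any script that runs on the application's origin.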