Secure Storage of JWT Tokens

Hello,

I’m working on a project with the following setup:

  • Frontend: React application
  • Middleware: Forge (NodeJS)
  • Backend: Separate backend service

I’m looking for advice on how to securely store JWT tokens in this architecture. I prefer not to use session storage or local storage for storing tokens.

My main question is whether it is feasible to use HTTP-only cookies for token storage when working with the middleware. Can HTTP-only cookies be set and managed from the middleware, and if so, what is the recommended approach for implementing this?

Thank you!

@MarkMathiasz1,

Do you mean to store the Forge Invocation Tokens, which happen to be JWT? Or is there some other kind of JWT token in your architecture? Why does the token need to be stored?