Authenticating a Web Application Using JSON Web Token
Suppose I am not using any front-end or back-end framework to generate any markup on the front-end of my web app, but I am using a Web API for authentication purposes. How should I use JWT for authentication purposes? I have done some online searches on securing JWT and found the following:
1 - Store JWT in HttpOnly cookie
2 - Use HTTPS instead of regular
3 - Use --Host prefix on cookies
4 - Set SameSite attribute
5 - Encrypt and sign the cookie value with the server secret
The problem is I have not seen any article talk about how to actually use JWTs once they are created and stored in HttpOnly cookies.
The questions I have are the following (if I'm not using any framework):
1 - How do I use JWT on the front-end if it cannot be accessed by JavaScript?
2 - How do I persist JWT on the front-end if I don't want users to keep logging in after they leave/refresh a page?
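
The cookie measures listed in the question, sketched as framework-free Node.js helpers (an added example, not part of the original post): the server signs the token, returns it in an HttpOnly cookie, and verifies the cookie the browser attaches to later requests on its own. The cookie name `__Host-session`, HS256, the 15-minute lifetime and all function names are assumptions, and only signing from item 5 is shown, not encryption.

```javascript
// Added example: framework-free Node.js, standard library only.
const crypto = require("node:crypto");

const COOKIE_NAME = "__Host-session"; // assumed name; __Host- requires Secure, Path=/ and no Domain
const b64url = (data) => Buffer.from(data).toString("base64url");

// Create an HS256-signed JWT that expires ttlSeconds after `now`.
function signJwt(claims, secret, ttlSeconds = 900, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const body = b64url(JSON.stringify({ ...claims, exp }));
  const sig = crypto.createHmac("sha256", secret).update(`${header}.${body}`).digest("base64url");
  return `${header}.${body}.${sig}`;
}

// Return the claims if the signature and expiry check out, otherwise null.
function verifyJwt(token, secret, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  const expected = crypto.createHmac("sha256", secret).update(`${header}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    // Pin the algorithm: never let the token choose how it is verified.
    if (JSON.parse(Buffer.from(header, "base64url")).alg !== "HS256") return null;
    const claims = JSON.parse(Buffer.from(body, "base64url"));
    return typeof claims.exp === "number" && claims.exp > now / 1000 ? claims : null;
  } catch { return null; }
}

// Set-Cookie value: not readable by scripts, HTTPS only, not sent cross-site.
function sessionCookie(token, maxAge = 900) {
  return `${COOKIE_NAME}=${token}; Path=/; Max-Age=${maxAge}; HttpOnly; Secure; SameSite=Strict`;
}

// Extract the token from the Cookie request header the browser sends by itself.
function tokenFromCookieHeader(cookieHeader = "") {
  const pairs = cookieHeader.split(";").map((c) => c.trim());
  const hit = pairs.find((c) => c.startsWith(`${COOKIE_NAME}=`));
  return hit ? hit.slice(COOKIE_NAME.length + 1) : null;
}

// Constructed round trip: login response, then a later request after a page reload.
function demo(secret = crypto.randomBytes(32)) {
  const setCookie = sessionCookie(signJwt({ sub: "user-42" }, secret));
  const cookieHeader = setCookie.split(";")[0]; // what the browser echoes back
  return verifyJwt(tokenFromCookieHeader(cookieHeader), secret);
}
```

Page scripts never touch the token: same-origin `fetch` calls carry the cookie automatically, and `Max-Age` keeps it across reloads until it expires.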