1 Answer
Hi apssg,
You can store your access tokens on the client side (local storage/HTTP cookie) or on the server side in a DynamoDB database, depending on your security and requirements level. Bear in mind that the client side is vulnerable to XSS attacks.
Moreover, on DynamoDB you can delete old tokens with the Time To Live feature enabled, and it should be more secure.
It is a good practice to always pass the access token as a Bearer token in the Authorization header so that you can protect your application with a short-lived authorization mechanism.
Hope it helps.
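An added example, not part of the original answer: a server-side token record shaped for DynamoDB Time To Live, plus a lookup that takes the token from the `Authorization: Bearer` header and rejects expired records itself, because TTL deletion runs in the background and an expired item can still be read for a while. The attribute names `token_hash`, `user_id` and `expires_at`, the choice to key on a SHA-256 hash of the token, and the dict standing in for the table are assumptions of this sketch.

```python
import hashlib

# Assumed layout (not from the answer): partition key "token_hash",
# TTL attribute "expires_at". A dict keyed by token_hash stands in for the
# table so the example runs offline; with boto3 the item would go to
# client.put_item(TableName=..., Item=item).

def token_key(access_token: str) -> str:
    # Key on a hash so a table dump does not expose usable tokens
    # (assumes the server only needs to recognise the token, not replay it).
    return hashlib.sha256(access_token.encode()).hexdigest()

def build_token_item(access_token: str, user_id: str, lifetime_s: int, now: int) -> dict:
    """Item in DynamoDB attribute-value format. The TTL attribute must be a
    Number holding the expiry time as Unix epoch seconds."""
    return {
        "token_hash": {"S": token_key(access_token)},
        "user_id": {"S": user_id},
        "expires_at": {"N": str(now + lifetime_s)},
    }

def parse_bearer(header_value):
    """Return the token from 'Bearer <token>', or None if malformed."""
    if not header_value:
        return None
    parts = header_value.split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1]

def lookup_user(table: dict, authorization_header, now: int):
    """Return the user id for a valid, unexpired token, else None."""
    token = parse_bearer(authorization_header)
    if token is None:
        return None
    item = table.get(token_key(token))
    if item is None:
        return None
    # TTL removal is asynchronous: enforce expiry on every read as well.
    if int(item["expires_at"]["N"]) <= now:
        return None
    return item["user_id"]["S"]

if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    item = build_token_item("tok-abc", "user-1", 900, now)  # constructed token
    table = {item["token_hash"]["S"]: item}
    print(lookup_user(table, "Bearer tok-abc", now + 60))    # within lifetime
    print(lookup_user(table, "Bearer tok-abc", now + 3600))  # expired, not yet deleted
```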