Is it safe to save AuthToken in Local Storage?

I am not a security expert, but -- like everyone else -- I definitely need to secure my apps.

I have been searching for weeks for a definitive answer to the question:

“Is it safe to save in the LocalStorage the AuthToken of API calls executed via Front-End?”

In summary, my research so far has produced two broad findings:

1) Developers have always been taught to save this type of token in local storage.

2) The only real downside to doing so - felt by many but not all - lies in the risk of XSS attacks.

Does anyone who has already addressed this problem and/or has the expertise to do so feel like sharing useful material/expertise here to help solve the problem? Best Practice? Most secure solution?

For example, those who connect a Bubble frontend to a Xano backend via authenticated API calls that don't go through the API Connector (using the SDK connector): how do they handle the AuthToken?

Thanks for your help!
