Never use localStorage for JWT (JSON Web Tokens)
JWTs are an industry-standard way of storing authentication tokens for users, which are just strings of information that securely identify a user logged into a site or app.
At AuthRamp, we've noticed an unfortunate trend of web developers storing JWTs in the web browser's localStorage API. At first glance doing so is tempting, but on closer inspection it is a security blunder that we warn against.
Always use HttpOnly, Secure cookies
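Anything kept in localStorage can be read by any script running on the page's origin, while the browser withholds HttpOnly cookies from document.cookie. The following is an added example, not AuthRamp's code: it builds a token cookie with both flags, audits a Set-Cookie header for them, and models what page script could read. The cookie name `token`, the helper names and the sample token are assumptions made for illustration.

```javascript
// Added example: cookie name, helpers and sample token are constructed for illustration.

// Parse one Set-Cookie header value into { name, value, attrs } (attribute names lowercased).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) throw new Error("malformed Set-Cookie: " + header);
  const attrs = new Map();
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs.set(key, i === -1 ? true : part.slice(i + 1));
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Build the header a login endpoint would send so the JWT stays out of script reach.
function buildTokenCookie(name, jwt, maxAgeSeconds) {
  if (/[;,\s]/.test(jwt)) throw new Error("token has characters not allowed in a cookie value");
  return `${name}=${jwt}; Max-Age=${maxAgeSeconds}; Path=/; HttpOnly; Secure`;
}

// Report which of the two flags named in the heading are missing from a header.
function auditTokenCookie(header) {
  const { attrs } = parseSetCookie(header);
  return ["HttpOnly", "Secure"].filter((flag) => !attrs.has(flag.toLowerCase()));
}

// Model of what page script reads via document.cookie: HttpOnly cookies are withheld.
function scriptVisibleCookies(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => !c.attrs.has("httponly"))
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Constructed sample token, not a real credential.
const SAMPLE_JWT = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl";
const weak = `token=${SAMPLE_JWT}; Path=/`;            // no flags: readable by script
const hardened = buildTokenCookie("token", SAMPLE_JWT, 900);

console.log("weak is missing:", auditTokenCookie(weak));
console.log("hardened is missing:", auditTokenCookie(hardened));
console.log("script can read (weak):", scriptVisibleCookies([weak]));
console.log("script can read (hardened):", JSON.stringify(scriptVisibleCookies([hardened])));
```

The same `auditTokenCookie` check can be run over Set-Cookie headers captured from a login response to confirm a deployment actually sends both flags.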