Where to store the secret key if the application is running in SPA (NUXT) mode?
Colleagues, good afternoon!
Where to store the secret key for JWT verification?
What am I talking about?
I understand how JWT works, how to check it and where to store it when it comes to the API.
But where do I store the secret key to check the token?
It turns out that I use 1 secret key to protect routes in NUXT and protect API methods.
Validate the token on the server and validate the token on the client.
But after all, even a horse understands that the constant that will be downloaded by the browser will be located in the client.
Store it on the server.
On the client, a JWT can be checked if it is signed according to the public/private scheme (RSA or ECDSA).
If you have an HMAC signature, then checking the token on the client is done by requesting a backend.
That is, the script should display a div with a specific id.
document.write(document.getElementById('id').textContent)
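The public/private scheme from the answer above, as an added example that is not part of the original answer: the backend signs with an RSA private key (RS256) and the client verifies with the public key alone, so nothing secret ships in the bundle. It uses Node's `crypto` module so it runs offline (in the browser the same check would go through Web Crypto's `crypto.subtle.verify`); the key pair and the function names `issueToken` and `verifyOnClient` are constructed for illustration.

```javascript
// Added example: RS256 verification needs only the public key.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Constructed key pair standing in for the backend's signing key.
const { privateKey, publicKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });

// Server side: only the backend ever holds privateKey.
function issueToken(claims) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify(claims));
  const signature = sign('sha256', Buffer.from(`${header}.${payload}`), privateKey);
  return `${header}.${payload}.${b64url(signature)}`;
}

// Client side: needs only the public key, which is safe to ship to the browser.
// Returns the claims, or null if the token is malformed, altered or expired.
function verifyOnClient(token, pubKey, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  let alg, claims;
  try {
    alg = JSON.parse(Buffer.from(header, 'base64url').toString()).alg;
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  } catch {
    return null;
  }
  // Pin the algorithm here; never let the token's own header choose it.
  if (alg !== 'RS256') return null;
  const ok = verify('sha256', Buffer.from(`${header}.${payload}`), pubKey,
                    Buffer.from(signature, 'base64url'));
  if (!ok) return null;
  // Require an expiry and reject tokens that are past it.
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= nowSeconds) return null;
  return claims;
}
```

A client-side check like this only decides what the UI shows; the API still has to verify the token on every request.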