Where do I put JSON web token?

Information Exchange: JSON Web Tokens are a good way of securely transmitting information between parties . Because JWTs can be signed—for example, using public/private key pairs—you can be sure the senders are who they say they are.

JWT Structure. A JWS (the most common type of JWT) contains three parts separated by a dot ( . ) . The first two parts (the “header” and “payload”) are Base64-URL encoded JSON, and the third is a cryptographic signature.

A JWT needs to be stored in a safe place inside the user’s browser . If you store it inside localStorage, it’s accessible by any script inside your page. This is as bad as it sounds; an XSS attack could give an external attacker access to the token.