node.js express client-server passport.js access-token

Passing token form server to client side and storing in secure way

I did my authentication at server node.js using passport.js and got the token. in order to render a page at client i need token to pass along with an image URL which i want to show on the client side. How can i securely pass the token from server to client using Express framework.

Solution

The standard way is to use an https connection and send it as plain json data.

For storage, your options are Cookies and Local Storage. This article from 2016 recommends using cookies with the HttpOnly cookie flag set.

To dig deeper, this StackOverflow question and answer compares the security of the two options, with no strong recommendation either way.

I want to install the "n" package and I get an error
n <version> command does not activate specified version
Change n install location
How to install a specific version of Node on Ubuntu/Debian?
Different node version for different projects, is there a way of telling node which version to use?
Install Node.js to install n to install Node.js?
How to select the latest node.js v6 version using n?
n-install: ERROR: GNU Make not found, which is required for operation
How to downgrade Node version with n
how switch to previous version in n (Node version manager)?
Automatically use the right version of Node for a package
internal/modules/cjs/loader.js:905 -> throw err;
Why doesn't "n" downgrade my node version on a Mac?
Node version manager
n failed to install/switch node in Linux?
vue command not found on Mac
How to uninstall n and all node versions installed by n
Angular CLI on HTTPS - can't install CI as root
n (node version manager): cannot create directory
npm module n emits errors
How to update npm permanently?
Cannot change nodejs version using n
upgrade nodejs to stable version
How should I install and use multiple versions of Node on the same production machine?