I have a Liberty server with a web app and a REST API. Both are secured by OpenID Connect on the Liberty server. The API accepts access tokens for authentication. The web app is not entirely frontend so I would need Liberty to handle the authentication.
I was thinking of storing the access token in a cookie and having the frontend read the cookie and add the token to any API calls. Is there a better alternative?
With the JavaScript-readable cookie, I need to be careful with XSS.
You can use local storage or session storage based on your requirement. If you want to store it for that session only, you can use session storage, whereas local storage is used when you want to store it for the long term.
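
An added example (not part of the original answer) of the session-storage approach: the token is stored with an expiry and attached as a bearer header only to requests that resolve to the API's own origin. The function names, storage keys and the `https://app.example.test` origin are assumptions, and web storage, like a script-readable cookie, can be read by any script running in the page.

```javascript
// Added example with hypothetical helper names. `storage` is any Web Storage
// object: window.sessionStorage in the browser, or a stub when testing.
const TOKEN_KEY = "access_token";       // assumed key name
const EXPIRY_KEY = "access_token_exp";  // assumed key name

// Store the token together with an absolute expiry time (ms since epoch).
function saveToken(storage, token, expiresInSeconds, now = Date.now()) {
  storage.setItem(TOKEN_KEY, token);
  storage.setItem(EXPIRY_KEY, String(now + expiresInSeconds * 1000));
}

function clearToken(storage) {
  storage.removeItem(TOKEN_KEY);
  storage.removeItem(EXPIRY_KEY);
}

// Return the token, or null if it is missing or expired (expired tokens are purged).
function loadToken(storage, now = Date.now()) {
  const token = storage.getItem(TOKEN_KEY);
  const exp = Number(storage.getItem(EXPIRY_KEY));
  if (!token || !Number.isFinite(exp) || now >= exp) {
    clearToken(storage);
    return null;
  }
  return token;
}

// Build the auth header for a call. The token is attached only when the
// target resolves to the API origin, so it is never sent to another host.
function authHeaders(storage, url, apiOrigin, now = Date.now()) {
  const target = new URL(url, apiOrigin);
  if (target.origin !== new URL(apiOrigin).origin) return {};
  const token = loadToken(storage, now);
  return token ? { Authorization: `Bearer ${token}` } : {};
}

// Thin fetch wrapper: drop the stored token when the API rejects it.
async function apiFetch(storage, url, apiOrigin, init = {}) {
  const headers = { ...(init.headers || {}), ...authHeaders(storage, url, apiOrigin) };
  const res = await fetch(new URL(url, apiOrigin), { ...init, headers });
  if (res.status === 401) clearToken(storage);
  return res;
}
```

In the browser, pass `window.sessionStorage` as `storage` and `window.location.origin` as `apiOrigin` when the API is served from the same Liberty host as the page.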