I'm currently developing an app in Angular with a laravel backend. I would usually store the user data as a JSON in LocalStorage. This new app deals with secure information so it can't be stored in plaintext.
The database is encrypted and traffic uses SSL but locally, I want to encrypt the data locally and store it so a user doesn't need to log in everytime they open the app.
My current workflow is the user logs in, the user is verified and the user data retrieved from the server. The data is saved as a service in Angular and stored as a CryptoJS.AES encrypted JSON string with the users password as a passphrase. Then in the next loading of the app, the app checks if there's any data in LocalStorage and if there is, the user only needs to enter their password and CryptoJS.AES decrypt will decrypt the json and store as a service variable again.
Is there any flaw or vulnerability or better library available for this kind of idea?
The modern standard for this kind of authentication are Json Web Tokens, JWT. They are perfect for angular and other SPAs, easy to implement and secure.