Jan 5, 2022
Hello Stan,
Thanks for your good comments! 🙏
Very good question! Just keep in mind that it’s all about the risk you want to take. If you store it in a cookie, you may open up your application to CSRF. By storing it in Web Storage (local or session storage), you accept the risk of XSS having access to tokens.
All in all, both options are widely used, but this doesn’t mean they are very secure. In this POC application, I preferred to follow the Web Storage option. However, I am open to further discussion through a new issue at GitHub. 😃