A Token Walks into a SPA

Short Summary

Securing SPAs isn’t as straightforward as securing a traditional web application. The code is there for all to see. Cookies and local storage aren’t 100% safe. Where do we put the login forms? And what if the user refreshes?!

Learn everything you need to know about JSON Web Tokens, and maybe even some things you don’t! Keep user credentials safe, while still communicating effectively with APIs.


Single Page Apps are slick and fast. By moving much of the business logic to the browser, they gain advantages both for the application and for the load on hosting infrastructure.

But if they’re running in the browser, how do we secure them? The code is there for all to see. Cookies and local storage aren’t 100% safe. And what if the user refreshes?!

JSON Web Tokens provide a way to make sure that user credentials are kept safe, while still allowing browser-based apps to communicate with APIs.

This talk will take you from knowing what JWTs are to understanding how to use them, and where to get started. We’ll look at the request lifecycle of the authentication process, and cover best practices for JWT storage and handling.
