I have a backend api accessible only via authentication. This is offered through JSON web Token (JWT), once a correct pair of credential is given.
Now I'm developing the frontend for my app using Angular 9. The login is managed by an auth.service
which return a JWT if the correct credentials are given.
After the first request to the server (the login request), I set an interceptor for inserting the value of the JWT inside the subsequent request to the api. Now, one of my colleagues says that we must store the token value inside cookie on the browser.
To me, I don't find any reason to do that: why store credentials inside a browser if we already have our interceptor to authenticate requests?