Glad I could help you.
So the JWT, or JSON Web Token, is saved in localStorage in the browser, but in my current implementation, I am not at that stage yet.
The token will usually have the following values: issuer, validity (exp) and user id.
- Issuer makes sure that the token was created by our backend
- validity (expiration time: 1h, 1m, 1y) - the time it takes to expire and become invalid
- userid - the id of the user that is logged in.
To understand auth better, I also asked some questions here and posted a video about JSON Web Tokens in post 3; you should watch that video because it explains JWT.
Also, the talk is being held by a security expert at Okta.
PS: If you are not using a lot of JS in your app, a better approach is to maybe use Phoenix directly with HTML views.
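
An added example (not part of the post above or of the poster's implementation) showing how a backend could issue and check a token carrying the three claims listed: issuer, expiry and user id. It checks the HMAC signature first, since that is what ties the claims to the backend's key, and only then compares `iss` and `exp`. The secret, the issuer name `my_backend` and the function names are assumptions made for the example.

```javascript
// Added example: HS256 JWT with iss / exp / sub claims, Node.js standard library only.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: HMAC key known only to the backend
const ISSUER = 'my_backend';              // assumption: hypothetical issuer name

const b64url = (input) => Buffer.from(input).toString('base64url');
const hmac = (data, key) => crypto.createHmac('sha256', key).update(data).digest();

// Issue a token with the three claims: issuer (iss), user id (sub), expiry (exp).
function signToken(userId, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ iss: ISSUER, sub: String(userId), exp: now + ttlSeconds }));
  const sig = hmac(`${header}.${payload}`, SECRET).toString('base64url');
  return `${header}.${payload}.${sig}`;
}

// Returns { ok: true, userId } or { ok: false, reason }.
function verifyToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [header, payload, sig] = parts;
  let head, claims;
  try {
    head = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm on the server; the token must not choose it ("alg": "none").
  if (!head || head.alg !== 'HS256') return { ok: false, reason: 'bad_alg' };
  // Recompute the signature and compare in constant time.
  const expected = hmac(`${header}.${payload}`, SECRET);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad_signature' };
  }
  // Claims are trusted only after the signature has been verified.
  if (!claims || claims.iss !== ISSUER) return { ok: false, reason: 'bad_issuer' };
  if (typeof claims.exp !== 'number' || now >= claims.exp) return { ok: false, reason: 'expired' };
  return { ok: true, userId: claims.sub };
}
```
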