15Kas
Is it safe to store the OIDC token in a private field of a javascript object?
I would like to initialise a React application with an OIDC token. This token will be stored in a private field of the "api client" object. This object will be used to execute API calls and it will automatically add the OIDC token as a Bearer token.
Is this approach safe?