Don't track JWT token at param and browser history

Hello. Is there any way (maybe someone have prosody module) to make an JWT auth without query param? It’s not secure to track it in a browser history. As a solution we can make a token lifetime as small as possible. But maybe there is some other ways to make it more secure.

1 Like

I found that jitsi client have this['features/base/jwt'] at redux store. Maybe that will help me or someone else.

Token value is passed as ‘token’ query paramater of BOSH URL

Yes, It works with;

“setJWT is not defined”
What am I doing wrong?
Even setting the token directly in my local storage under “features/base/jwt” doesn’t work.