Don't track JWT token at param and browser history

Hello. Is there any way (maybe someone has a Prosody module) to do JWT auth without a query param? It’s not secure to track it in the browser history. As a solution we can make the token lifetime as small as possible. But maybe there are some other ways to make it more secure.


I found that the Jitsi client has this APP.store.getState()['features/base/jwt'] in the Redux store. Maybe that will help me or someone else.

The token value is passed as the ‘token’ query parameter of the BOSH URL

Yes, it works with

APP.store.dispatch(setJWT(token));

“setJWT is not defined”
What am I doing wrong?
Even setting the token directly in my local storage under “features/base/jwt” doesn’t work.