Security bank Auth, Tokens & Storage Security / 6 questions Your progress 0 / 6 done Saved in this browser. Reset All 6 Easy 1 Medium 3 Hard 2 Hide done No questions match those filters. 1 Where should you store a JWT — `localStorage`, memory, or an `HttpOnly` cookie — and why? Hard 2 What's the difference between authentication and authorization? Easy 3 What are the risks of storing tokens in `localStorage`? Medium 4 How do access tokens and refresh tokens work together? Medium 5 What is the OAuth 2.0 authorization code flow with PKCE, and why is it preferred for SPAs? Hard 6 Why should the frontend never be the only place authorization is enforced? Medium ← Previous CSP & Security Headers Next → Supply Chain & Data