Web Authentication (React)

Core Patterns

JWT Token Storage

Options and trade-offs:

| Storage | XSS Safe | CSRF Safe | Best For |
|---------|----------|-----------|----------|
| httpOnly cookie | Yes | No (needs CSRF token) | Most secure for tokens |
| localStorage | No | Yes | Simple apps, short-lived tokens |
| Memory (state) | Yes | Yes | Very short-lived tokens with refresh |

Cookie-Based Auth (Recommended)

Auth Context Pattern

---

OAuth Patterns

Google OAuth (Web)

NextAuth.js (Recommended for Next.js)

---

Protected Routes

React Router

Next.js App Router

---

Token Refresh Pattern

---

Form…
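The storage table above marks the httpOnly cookie as XSS safe but in need of a CSRF token. The following Node.js code is an added example, not code from the original page, showing the login cookies and the server-side check that pairing implies. The cookie names `session` and `csrf`, the `X-CSRF-Token` header, `SameSite=Lax`, the 15-minute `Max-Age`, and the HMAC-signed token bound to the session are all assumptions made for illustration.

```javascript
// Added example: httpOnly session cookie plus a CSRF token bound to that session.
// All names and cookie attributes below are illustrative assumptions.
const nodeCrypto = require('node:crypto');

// Constructed demo key; a real deployment loads this from secret storage.
const CSRF_KEY = nodeCrypto.randomBytes(32);
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// HMAC over nonce + session token, so a CSRF token only works with its own session.
const sign = (jwt, nonce) =>
  nodeCrypto.createHmac('sha256', CSRF_KEY).update(`${nonce}!${jwt}`).digest('hex');

// Set-Cookie headers issued after a successful login.
function loginCookies(jwt) {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  const csrfToken = `${nonce}.${sign(jwt, nonce)}`;
  return {
    csrfToken,
    setCookie: [
      // HttpOnly: page scripts, including injected ones, cannot read the JWT.
      `session=${jwt}; HttpOnly; Secure; SameSite=Lax; Path=/; Max-Age=900`,
      // Not HttpOnly: the React app reads this and echoes it in X-CSRF-Token.
      `csrf=${csrfToken}; Secure; SameSite=Lax; Path=/; Max-Age=900`,
    ],
  };
}

function parseCookies(header = '') {
  const jar = {};
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) jar[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return jar;
}

// Reject state-changing requests whose header token does not match the session cookie.
function csrfOk(req) {
  if (SAFE_METHODS.has(req.method)) return true;
  const jwt = parseCookies(req.headers.cookie).session;
  const [nonce, mac] = String(req.headers['x-csrf-token'] || '').split('.');
  if (!jwt || !nonce || !mac) return false;
  const expected = Buffer.from(sign(jwt, nonce));
  const given = Buffer.from(mac);
  return given.length === expected.length && nodeCrypto.timingSafeEqual(given, expected);
}
```

A cross-site form post carries the `session` cookie automatically but cannot set the custom header, so `csrfOk` returns `false` for it.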