I may be paranoid, but is there any security concern about doing authentication on the frontend? Wouldn't the user be able to see exactly what is going on and intercept some sensitive information?
I'd say cookies have a greater risk of being intercepted and hijacked than a token-based system.
But every implementation has flaws even if the underlying concept has been vetted. But if you're protecting sensitive information, it's always good to hire a security expert to test your systems.
http://self-issued.info/docs/draft-ietf-oauth-json-web-token...
Additionally, there are quite a few benefits to using token auth over cookie-based auth as well, such as not having to worry about CSRF protection:
https://auth0.com/blog/2014/01/07/angularjs-authentication-w...