Thanks for your article, why did you save your token in client-side storage instead of server-side cookie as a storage mechanism ? as you know client-side storage is vulnerable to XSS attacks.