So I have a react app that makes requests to a content management backend for content. It can also post content to that backend. To secure it, I require JWT authentication in order for a request to the api to succeed. When I request a token, it isn’t stored, and is used immediately after it is retrieved. It is piped directly into the authorization header of the request to be sent. My concerns are: