How to store and manage tenant tokens

[dichotommy]

The tenant token docs do not offer much advice on how to store and manage tenant tokens throughout the lifecycle of an application. Solving this issue may require us to reach out to current users and interview them about their processes.

From this thread (private link):

Regarding the tenant token usage, the preferred way to do it is to emit a tenant token on the backend side with the Default Search API Key or any API Key having the search action and store the generated token somewhere (on his side). Whenever the user comes back, he can re-use the previously generated token from the frontend side (using an expiration date for the tenant token can match with the user session time, this way whenever the user has to re-log, a new token can be generated).

I’m just unsure about the best way to store the tenant token.

• In the backend user session?
• In the primary data store?
• In the client local storage?

[guimachiavelli]

@gmourier, do you have any input on this? Are there any tenant token storage and management strategies you believe are a particularly good fit for Meilisearch?