I'm working on a web app using React for frontend and Django for backend.
Currently, I'm using django simple-jwt for auth purposes, and the JWT access and refresh tokens are exposed in browser cookies, so anyone who gets their hands on these tokens can theoretically log in on behalf of the actual user. I was wondering if there are ways to prevent issues like this, particularly using Django?
I was looking into proof of possession (PoP) tokens, but didn't see any libraries that support this functionality in Django. Are there ways to prevent this in Django?