Currently, the access token is stored in localStorage, which makes it vulnerable to XSS attacks.
We should move to a safer approach like keeping the access token in memory and using an HttpOnly cookie for the refresh token to reduce security risks and improve overall session handling.

Related documentations;

• https://auth0.com/docs/secure/security-guidance/data-security/token-storage