I am designing a simple login architecture and am in doubt of where to save the user access token.
The system will be developed in SPA using AngularJS and the server will be a REST API not yet defined. When the user logs on to the system, he will receive a key that will be his access token to do any other operation on the system.
My question is how to store this token on the client side. Cookie is an option, but it does not seem safe, since it is very simple to open a Cookie and see the Token, I also thought to save in webstorage but I do not know if it is a good idea too.
Is there a pattern for this situation?