Your query seems too broad and subjective. However, if you seek an impartial perspective, allow me to offer my insights:
Token Storage Methods
When it comes to storing a token, the choice depends on your application's requirements.
LocalStorage Option
The conventional approach involves storing the token in local storage, ensuring its persistence on the device until manually removed.
Session Storage Approach
A variation is using session storage, which discards the token once the user ends their session.
Service Storage Alternative
An alternative is employing service storage, where the token remains valid within Angular's scope, barring page reloads or tab switches.
Selecting the Right Method
The decision hinges on your application's nature. For high-risk ventures post-login, opt for session storage to swiftly revoke access upon exit. For casual use, stick with local storage. If stringent security measures are paramount, leverage service storage.
Timing of Token Storage
Common sense dictates that tokens should be stored upon user login.
Token Updates
Avoid unnecessary token updates, as they typically correlate to user identity or session status. Instead, focus on deletion rather than modification.
Optimal Token Management Location
Create a specialized token management service for centralized control – a recommended best practice.
Further Clarification
You mentioned utilizing an Auth Guard, a commendable practice. It's perfectly acceptable to redirect users from your service; in fact, it's standard procedure for prompting logins. Utilize the router within your service without hesitation. Aside from potentially enhancing routing in guards, your current approach appears sound. One suggestion: consider incorporating an expiration date within your token handling for added security (particularly if opting for session storage in risk-prone scenarios).