JWT and Api Tool Social Login

I am following this doc: https://api-tools.getlaminas.org/documentation/recipes/integrate-social-logins

Everything is working. But I need to understand a few things.

  1. My token is never expiring.
  2. Where should I keep the token? In the session or cookie?
  3. How do I better handle the token from the frontend app (angular) for security reasons?

Thanks.