Wherever you want.
Some of that depends on what language you are using for your backend.
Store it in memory
Store it in Redis
Store it in a DB
You could do this but it’s generally not advised.
You should generate and use a token till it’s close to expiration
Sure that works!