@ankitsinghaniyaz You do not need to take extra extreme care where you store the token regarding security (besides security standards of course). You can even display the token to the user, it can be unfolded by everyone (using jwt.io f.e.). Once someone tampers with the Token in any way it gets invalid.
So, storing in localstorage should be fine in 2016. Your Domain is the only one who has access to this store.