codek

Reputation: 67

Angular2 share and maintain user secure data in all components

I have an angular2 app that authenticates through OAuth2 with the password grant type. I store the session token in sessionStorage, and I need to store some other data more securely, like the user's current roles.

I know that I can store more information in sessionStorage or localStorage, but this is easily modified by the user. Although really, if the user modifies the sessionStorage, my backend is secured because it checks the token against the user's roles.

What happens is that if the user modifies his role he could see some hidden options, and I don't want this.

I thought of two solutions, and I would like to hear some tips.

  1. Save the role in sessionStorage encrypted. Any suggestions about this? What encryption should I use?
  2. Have a global service, as explained in the Angular docs, which is used by my navbar-component and loads data on ngOnInit (because of routes).

Any suggestions? Thanks.

Upvotes: 1

Views: 1055

Answers (1)

Daniel Dancziger

Reputation: 244

We have the same case as yours in our dashboard.

The second option is a bit messy because you need to think about what happens if the user reloads the page. When the page reloads, the service will lose its data and you will not know what the roles for the user were. You can fix this issue by running an HTTP request in the app component on init.

For the case of encrypting, read this: https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage

For now we use the Global Service approach. (Services are singletons.)

Upvotes: 2
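
The global-service approach described in the answer, as an added example that is not part of the original posts: a framework-free TypeScript sketch in which roles live only in memory and are re-fetched from the backend with the session token on every page load, so a `role` value edited in sessionStorage is never read. `RoleService`, the `fetchRoles` callback, the storage keys and the role names are assumptions; in Angular the class would be an injectable singleton whose `load()` is called from the root component's `ngOnInit`.

```typescript
// Framework-free sketch of a singleton role service (hypothetical names; the
// callback stands in for an HTTP call that sends the session token).
type FetchRoles = (token: string) => Promise<string[]>;

class RoleService {
  private roles: Set<string> = new Set<string>();
  private pending: Promise<void> | null = null;
  private readonly getToken: () => string | null;
  private readonly fetchRoles: FetchRoles;

  constructor(getToken: () => string | null, fetchRoles: FetchRoles) {
    this.getToken = getToken;
    this.fetchRoles = fetchRoles;
  }

  // Call once at app start so a page reload repopulates roles from the
  // backend. Concurrent callers (navbar, guards) share a single request.
  load(): Promise<void> {
    if (this.pending === null) {
      const token = this.getToken();
      const request = token === null ? Promise.resolve<string[]>([]) : this.fetchRoles(token);
      this.pending = request
        .then((r) => { this.roles = new Set(r); })
        .catch(() => { this.roles = new Set<string>(); this.pending = null; });
    }
    return this.pending;
  }

  // Fails closed: before load() resolves, or after an error, nothing is shown.
  hasRole(role: string): boolean {
    return this.roles.has(role);
  }

  // Call on logout so the next user does not inherit cached roles.
  clear(): void {
    this.roles = new Set<string>();
    this.pending = null;
  }
}

// Constructed stand-ins: storage holds a tampered "role" entry that is never read.
const fakeStorage = new Map<string, string>([["token", "tok-user"], ["role", "admin"]]);
const fakeBackend: FetchRoles = async (token) => (token === "tok-user" ? ["viewer"] : []);
let backendCalls = 0;
const demoService = new RoleService(
  () => fakeStorage.get("token") ?? null,
  (t) => { backendCalls++; return fakeBackend(t); },
);
```

Components call `hasRole()` to decide what to render; the backend check against the token that the question mentions remains the actual enforcement.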
