Reputation: 643
I'm working on a project with a RESTful Java backend and a Vue SPA front-end. Whilst figuring out how to do user authentication I came across JWT tokens and, since it (sorta) was what I was looking for, I recklessly implemented it.
A few weeks later I realized that, because the content shown on the client side depends on the user's role, the client of course needs to know the user's role. For obvious reasons I don't want to store the user's role inside my client.
My question: I could create a request on the server that looks at the Authentication header and returns the role, but would this be safe? If not, are there any common strategies when it comes to roles and JWT tokens? Or should I forget the JWT way of doing things and implement another kind of authentication entirely?
Upvotes: 2
Views: 1669
Reputation: 13644
JWT is the common way to authenticate users with an SPA as frontend + REST API as backend.
`/user/roles` endpoint in your API which will return the list of the user's roles. The point 2 solution is 100% safe. Why? Even if someone hacks your frontend app to show content they should not see, your backend is checking authorization at the endpoint, so they will not get/put/change any data they do not have the privilege to access according to their JWT.
Upvotes: 1