Reputation: 1
I'm building a store in Angular using JWT with Passport and AuthGuard, and only the administrator should enter a privileged area. Should I display the role in localStorage and make a function to compare if(user.role === 'admin')?
If a logged-in user edits his localStorage cookie and changes the role to 'admin', can he gain access and vandalize my application?
I didn't find much info about roles in Angular. Can you give me a guide or link me to a tutorial/book to learn more about it?
Upvotes: 0
Views: 383
Reputation: 23
I encountered this problem as well. Since I needed the user role for almost every page, I used CryptoJS to encrypt the role and decrypt it in an auth service.
Here is a link for that library on GitHub: https://github.com/brix/crypto-js
Hope that helps. Good luck!
Upvotes: 1
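An added example, not part of either post above: a server-side check that takes the role from a signed JWT (HS256) rather than from anything stored in the browser, so a role edited in localStorage fails signature verification. It uses only Node.js built-ins; the secret, function names and tokens are assumptions constructed for illustration.

```javascript
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // constructed; a real key stays on the server only
const b64url = (buf) => Buffer.from(buf).toString("base64url");

// Sign a payload the way a login endpoint would (hypothetical helper).
function signToken(payload, secret = SECRET) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac("sha256", secret).update(`${head}.${body}`).digest("base64url");
  return `${head}.${body}.${sig}`;
}

// Verify algorithm, signature and expiry; return the claims or null.
function verifyToken(token, secret = SECRET) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    if (JSON.parse(Buffer.from(head, "base64url")).alg !== "HS256") return null; // pin the algorithm
    const expected = crypto.createHmac("sha256", secret).update(`${head}.${body}`).digest();
    const given = Buffer.from(sig, "base64url");
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, "base64url"));
    if (typeof claims.exp !== "number" || claims.exp * 1000 <= Date.now()) return null;
    return claims;
  } catch {
    return null; // malformed JSON or encoding
  }
}

// Called by every admin API route: returns the HTTP status to send.
function authorizeAdmin(token) {
  const claims = verifyToken(token);
  if (!claims) return 401; // missing, forged or expired token
  return claims.role === "admin" ? 200 : 403;
}

// Constructed tokens: a user, an admin, and the user's token with the role edited client-side.
const exp = Math.floor(Date.now() / 1000) + 3600;
const userToken = signToken({ sub: "u1", role: "user", exp });
const adminToken = signToken({ sub: "a1", role: "admin", exp });
const [h, , s] = userToken.split(".");
const tamperedToken = `${h}.${b64url(JSON.stringify({ sub: "u1", role: "admin", exp }))}.${s}`;

console.log(authorizeAdmin(userToken), authorizeAdmin(adminToken), authorizeAdmin(tamperedToken));
```

A role check in an Angular route guard can still decide which pages to show, but the data and actions behind the admin area are protected only by a check like `authorizeAdmin` running on the server for each request.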