Reputation: 95
I am researching how to create a blog website that allows a user to sign in and, based on his/her user role, edit blogs, delete blogs, etc., but only if they are the user that created that certain blog. However, another user can sign in and, if he/she does not own a certain blog, they can only view the blog and not edit or delete it. Before I dive deep into this project, I was wondering if JWTs would, by themselves, be able to accomplish this mission or whether there is a better technology for this functionality? Thanks!
Upvotes: 0
Views: 37
Reputation: 142
Store the user's role in your database and, while generating a fresh JWT for the user, set a key/value pair describing the user's role. That's it for role-based authorization using JWT.
This is a nice short post related to role-based authorization using JWT.
Upvotes: 1
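The following is an added example, not code from the asker or the answerer. It shows the two halves that the question actually needs: a `role` claim carried in the JWT (the answer's point), plus an ownership check against the server-side blog record, because a token can tell you *what kind of user* is calling but cannot by itself know whether that user owns a particular blog. The HS256 encode/verify routines are a minimal stdlib implementation written for this example; in a real application you would use a maintained library, but the checks shown (signature compared with `hmac.compare_digest`, `alg` pinned, `exp` enforced) are what any such library should be doing. The secret, user ids, and the in-memory `BLOGS` store are constructed sample data.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample key for the example only; a real deployment loads this from a secret store.
SECRET = b"constructed-demo-secret-do-not-reuse"


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWT segments require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    """Inverse of _b64url; re-adds the padding that was stripped."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def issue_token(user_id: str, role: str, secret: bytes = SECRET, ttl: int = 3600, now=None) -> str:
    """Mint an HS256 JWT whose payload carries the user's id (sub) and role."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user_id, "role": role, "iat": now, "exp": now + ttl}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def verify_token(token: str, secret: bytes = SECRET, now=None) -> dict:
    """Return the claims of a valid token; raise ValueError otherwise."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(h))
    # Pin the algorithm: never let the token choose how it is verified.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    # Constant-time comparison so a forged signature cannot be guessed byte by byte.
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(p))
    # Reject expired tokens and tokens with no exp at all.
    if payload.get("exp", 0) <= now:
        raise ValueError("expired")
    return payload


# Constructed in-memory blog store standing in for the database table: blog id -> record.
BLOGS = {
    "post-1": {"owner": "alice", "title": "Hello"},
    "post-2": {"owner": "bob", "title": "Bob's post"},
}


def can(claims: dict, action: str, blog_id: str) -> bool:
    """Combine the role from the token with ownership from the server-side record."""
    blog = BLOGS.get(blog_id)
    if blog is None:
        return False
    if action == "view":
        return True  # any authenticated user may read a blog
    if action in ("edit", "delete"):
        if claims.get("role") == "admin":
            return True  # admins may edit or delete anything
        # Authors may only touch their own blogs; the owner comes from the
        # stored record, not from anything the client sent.
        return claims.get("role") == "author" and blog["owner"] == claims.get("sub")
    return False


def authorize(token: str, action: str, blog_id: str, secret: bytes = SECRET, now=None) -> bool:
    """Single entry point a request handler would call before acting on a blog."""
    try:
        claims = verify_token(token, secret, now)
    except ValueError:
        return False
    return can(claims, action, blog_id)


if __name__ == "__main__":
    alice = issue_token("alice", "author")
    print("alice edits post-1:", authorize(alice, "edit", "post-1"))   # True
    print("alice edits post-2:", authorize(alice, "edit", "post-2"))   # False, not the owner
    print("alice views post-2:", authorize(alice, "view", "post-2"))   # True
```

The role claim lets you decide quickly whether a caller is an author or an admin at all, but the "only the creator may edit" rule is a per-resource decision and has to be made against the blog's stored owner on every request. Keeping ownership out of the token also means it cannot go stale when a blog changes hands, and the `sub` claim cannot be altered without invalidating the signature.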