I have a problem. I'm creating an Angular application in which a user needs to be validated, approved by someone, and has a role. Basically I have 3 variables: isApproved, role and isValidated. I also have a JWT token for authentication and authorization. How should I make these 3 variables persistent? I want to display different pages to users if they are validated, or if they are only approved, or if they have only a specific role and they are validated but not approved, and so on.
I'm thinking of storing them in local storage, but the user can change the values there. Another way I can think of is to call an API every time a user refreshes the page that gives me these 3 variables from the backend, but I don't know if this is a good way to do that. Or is there any way of getting the values from the token? Like using claims or something, and decoding the token on the client side to get the values?
Please help me if you can. Thanks and have a good day! 🙂
Answers:
Method 1
Validating, authenticating and … performing only on the client side is not a good idea. You have to check any request in the back-end too. For example, you store data in local storage on the client side. If the user changes the local values, you double-check in the back-end, and this prevents security issues. Double-checking in the back-end is not a bad thing, and in many use cases you should do it. One way is claims. If your back-end load is high, you could use mem-cache. But if you use JWT and store data in claims with the default ASP.NET Core JWT provider, because it's not a sign-out mechanism, you get in trouble. If you use Identity, storing data in claims is a good way, and it's scalable too.
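The split the answer describes, as an added example that is not part of the original post: the client decodes the token's claims only to choose a page, while the back-end verifies the signature before trusting them, so an edited copy in local storage changes the UI but not what the server allows. It runs under Node; the claim names come from the question, and `SECRET`, the helper names and the sample user are assumptions.

```javascript
const crypto = require('crypto');

// Constructed demo key (assumption); a real key stays on the server only.
const SECRET = 'demo-only-secret';
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Server: issue a token carrying the question's three flags as claims.
function issueToken(claims, ttlSeconds = 300) {
  const header = b64url({ alg: 'HS256', typ: 'JWT' });
  const payload = b64url({ ...claims, exp: Math.floor(Date.now() / 1000) + ttlSeconds });
  return `${header}.${payload}.${sign(`${header}.${payload}`)}`;
}

// Client: decode without verifying. Good enough to pick a page, never to grant access.
// (In the browser, a base64url decode via atob replaces Buffer.)
function decodeClaims(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString('utf8'));
}

// Server: check signature (always HS256, whatever the header says) and expiry.
function verifyToken(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const expected = Buffer.from(sign(`${parts[0]}.${parts[1]}`));
  const given = Buffer.from(parts[2]);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = decodeClaims(token);
  return claims.exp > Date.now() / 1000 ? claims : null;
}

// Server-side gate for an endpoint that needs a validated and approved user.
function canAccessApprovedArea(token) {
  const claims = verifyToken(token);
  return Boolean(claims && claims.isValidated && claims.isApproved);
}

// Simulates a user editing the token kept in local storage.
function editStoredToken(token, changes) {
  const [header, , sig] = token.split('.');
  return `${header}.${b64url({ ...decodeClaims(token), ...changes })}.${sig}`;
}

const token = issueToken({ sub: 'u1', role: 'editor', isValidated: true, isApproved: false });
const edited = editStoredToken(token, { isApproved: true });
console.log(decodeClaims(edited).isApproved, canAccessApprovedArea(edited));
```

The claims stay valid until `exp`, so a change to a user's approval or role on the server only reaches the client when a new token is issued.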
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.