1

I'm having a problem with authorization in React.js. I want to store user roles in application context, but I don't know how to get them from the JWT token. I found 3 possible solutions; which one of them is the best?

  • encrypt JWT on client side.
  • one more request to get user roles
  • return user roles with jwt token ( something like { token: , roles : } ).

Maybe there is some better option that I don't know. Thanks for all the advice.

Jan Kowalski

2 Answers

0
  • encrypt JWT on client side: don't do that, let the server do the logic.
  • one more request to get user roles: it's okayish, but personally I wouldn't want an extra request from the client.
  • return user roles with jwt token: sure. You can see more info here: "Is setting Roles in JWT a best practice?"
Viet
  • What I mean by "return user roles with jwt token" is that I don't want to put user roles inside JWT but to return it with response outside of jwt. – Jan Kowalski Dec 31 '20 at 04:07
  • Sure, you can return an object that contains both the JWT token and the user role (outside of token). – Viet Dec 31 '20 at 04:13
  • One more question: where should I store user roles? – Jan Kowalski Dec 31 '20 at 04:18
  • If you want to cache the roles, then you can store roles in cookies. Otherwise store them in redux store (or if your application needs roles in most of the components then it makes sense to store roles in context, I would still prefer redux store though). – Viet Dec 31 '20 at 04:35
0

This is the way to do it:

return user roles with jwt token ( something like { token: , roles : } ).

But you don't have to do anything; let the backend do the stuff.
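The `{ token, roles }` response discussed in both answers, as an added example that is not from the original thread: the roles returned beside the token only drive what the UI shows, while the server verifies the token and takes roles from its own store. The secret, the `USERS` store, the claim names (`sub`, `exp`) and all function names are constructed for illustration.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret';                  // stays on the server
const USERS = new Map([['u1', { roles: ['editor'] }]]);   // constructed server-side role store
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Server: sign a token for the user and return the roles beside it, outside the JWT.
function login(userId) {
  const user = USERS.get(userId);
  if (!user) return null;
  const head = b64url({ alg: 'HS256', typ: 'JWT' });
  const body = b64url({ sub: userId, exp: Math.floor(Date.now() / 1000) + 900 });
  return { token: `${head}.${body}.${hmac(`${head}.${body}`)}`, roles: [...user.roles] };
}

// Server: verify signature and expiry, then authorize from the server's own role store.
function authorize(token, requiredRole) {
  const parts = String(token).split('.');
  if (parts.length !== 3 || parts.some((p) => !p)) return false;
  const [head, body, sig] = parts;
  const expected = Buffer.from(hmac(`${head}.${body}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return false;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= Date.now() / 1000) return false;
  const user = USERS.get(claims.sub);
  return Boolean(user) && user.roles.includes(requiredRole);
}

// Client: roles from the login response are a display hint (context or redux store).
function canShow(session, role) {
  return Array.isArray(session.roles) && session.roles.includes(role);
}

const session = login('u1');
// The client's copy of the roles is just data the client holds and can change.
const edited = { ...session, roles: ['editor', 'admin'] };
console.log('UI shows admin menu:', canShow(edited, 'admin'));
console.log('server allows admin:', authorize(edited.token, 'admin'));
console.log('server allows editor:', authorize(session.token, 'editor'));
```

Whatever the client stores, each protected endpoint still runs a check like `authorize` on the request's token.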