Question: Securing links based on privilege • r/angularjs

  • I’m building my first project with Angular2, getting data from a node api secured with jwt tokens.
  • I have 3 levels of privilege for my users and some links on my menu that should be visible just for level 2 and 3, others just for level 3.
  • My question is, how do I verify user privilege in order to display the links accordingly?
  • Do I store the user’s privilege level in local storage together with the token?
  • Or do I make an http call every time to check the user’s privilege level?

I have 3 levels of privilege for my users and some links on my menu that should be visible just for level 2 and 3, others just for level 3.

The privilege level should be part of your JWT claim. You can decode the JWT client-side once the token comes back from the server and store the claim information as you see fit; local storage is fine, or even just as a value of an app variable. At that point it will just be a matter of conditionally showing data/links/etc based on the privilege level you’ve stored.

That JWT gets sent along with each request to the API, so if someone tries to escalate their privilege level (A) by forming a request they normally should not have access to, the server should check the authorization level and reject the request; or (B) by altering the JWT claim’s privilege level the server will reject the request because the JWT will fail a signature check.
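The two rejection cases (A) and (B) described in the answer above, as an added example that is not part of the original thread. It uses Node's built-in `crypto` module with HS256 instead of a JWT library; the secret, the claim name `level`, and all function names are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Assumption: HS256 with a secret that only the server knows (constructed value).
const SECRET = "constructed-demo-secret";
const b64url = (s) => Buffer.from(s).toString("base64url");
const hmac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

// What the login endpoint would do. "level" is an assumed claim name.
function sign(payload, secret = SECRET) {
  const data = `${b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${hmac(data, secret).toString("base64url")}`;
}

// What the browser can do: read claims without the secret. Use it for menus only.
function decodeUnverified(token) {
  return JSON.parse(Buffer.from(token.split(".")[1], "base64url").toString("utf8"));
}

// What every API route must do: verify the signature, then enforce the level.
// The header's alg field is never trusted; the server always uses HMAC-SHA256.
function authorize(token, requiredLevel, secret = SECRET) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { status: 401, reason: "malformed token" };
  const given = Buffer.from(parts[2], "base64url");
  const expected = hmac(`${parts[0]}.${parts[1]}`, secret);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { status: 401, reason: "bad signature" };
  }
  let claims;
  try {
    claims = decodeUnverified(token);
  } catch {
    return { status: 401, reason: "malformed token" };
  }
  if (!Number.isInteger(claims?.level) || claims.level < requiredLevel) {
    return { status: 403, reason: "insufficient privilege" };
  }
  return { status: 200, claims };
}

// Case (B): the payload's level is edited but the original signature is kept.
function withEditedLevel(token, level) {
  const [head, , sig] = token.split(".");
  return `${head}.${b64url(JSON.stringify({ ...decodeUnverified(token), level }))}.${sig}`;
}

function demo() {
  const user = sign({ sub: "user-1", level: 1 }); // constructed sample token
  return [authorize(user, 1).status, authorize(user, 3).status, authorize(withEditedLevel(user, 3), 3).status];
}
```

The edited token still decodes to level 3 in `decodeUnverified`, which is why the client-side value can only drive which links are shown and never what the API allows.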
