L
L
Larisa .•º2021-10-01 16:12:24
Access rights
Larisa .•º, 2021-10-01 16:12:24

Is there an alternative way to pass scope(permissions) JSON WEB token-e?

There is a client-server application.
User authentication on cookies.
The client is implemented in vue. Server API in laravel.

The task is to somehow transfer the list of permissions to the client, control the availability (visibility) in the UI.

It immediately comes to mind to pass a list of permissions in a JSON web token or add a URL, something like GET /permissions.
But the moment arises that if the admin has changed the rights, how to notify the client about this, not to wait for him to re-authorize?

Using cookies for authentication is a must.

Prompt, maybe links, noun-e practices, access control implementations.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
A
Anton Anton, 2021-10-01
@Fragster

Push the update to the client through a pusher or your solution based on a websocket on the client side and post on the server side. Request permissions themselves not only when logging in, but also when loading a page and when an action fails due to a violation of rights.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question