JSON Web Token
havemanyquestions, 2019-06-23 11:48:42

What does the workflow look like when using Auth0 (jwt)?

Hello.
Help me to understand.
1) The data received from the server (access token, id token) cannot be stored in local storage; only a logged-in/not-logged-in flag or the token's lifetime is kept there. How do I work with that? After login all the information is kept in memory (the store); I reload the page and everything is lost, the user is not logged in and has to log in again. How do I make sure that after reloading the page the user stays on the same page and remains logged in?
2) In Firebase, for example, there is an onAuthStateChange method that can be placed on the main page and checked on every action. What is there in Auth0, how do I monitor the authentication status on the server at all, how do I ask the server whether the user is still logged in?
3) At the moment all I need from Auth0 is the ability to log in and assign roles and permissions to users. When I log in I should be given roles and permissions, which I will save in the store and check when mounting any component that needs them. In fact, I need to take this data from the server and monitor the state of a certain session on the server; how can I do this? After all, when a user is authenticated, somewhere on the server (db, ...) there is a mark that the user with such-and-such an ID has logged in and that this authentication is valid for so many seconds or indefinitely. And every time I start the application I have to make a request to the server to ask whether the user is still logged in and get back from the server all the data that I had in state but lost because of the page reload.


1 answer(s)
Anton Spirin, 2019-06-24
@rockon404

1. Why did you decide that the token cannot be stored in localStorage? Store it either there or in a cookie and check for it when you initialize your application.
2. If the user sends an invalid token or makes a request to a protected path without a token, return a 401 code from the server and handle the error on the client.
The ideal option is to use one handler for all requests.
Using axios as an example:

import axios from 'axios';
// `store`, `logout` and `isSignedIn` come from the application's own state module;
// the interceptor only reacts to what the server answers.

axios.interceptors.response.use(
  res => res,
  error => {
    // The server rejected the token while the client still believed it was signed in:
    // drop the local session so the UI falls back to the logged-out state.
    if (
      error.response &&
      error.response.status === 401 &&
      error.response.data.message === 'Unauthorized' &&
      isSignedIn
    ) {
      store.dispatch(logout());
    }

    // Always re-throw so the caller can still handle the failed request itself.
    return Promise.reject(error);
  },
);

3. It is enough, when initializing, to check whether a token is present and, if so, to make a request for the user data. Depending on the response, render the appropriate version of the application.
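The three points of the answer above (keep the token in storage, treat a 401 as "session gone", and decide on init whether the user is still signed in) as one added example; this is not code from the answer or from Auth0. It assumes the token is a JWT stored under the constructed key 'access_token' and reads only the `exp` and `roles` claims client-side; signature verification remains the server's job, so the server's 401 is still what ends a session.

```javascript
// Added example, not code from the answer: restore a JWT session on page load and
// decide when a server response means the session is gone.
// Assumption: the token is a JWT stored under the constructed key 'access_token'.
const TOKEN_KEY = 'access_token';

// Read the JWT payload WITHOUT verifying the signature: verification stays on the
// server, the client only looks at claims such as `exp` and `roles`.
// (Node Buffer API; in a browser decode the same base64url string with atob.)
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch (e) {
    return null;
  }
}

// On app init: if a token is present and not yet expired, treat the user as signed
// in and hand the roles to the store; otherwise drop the stale token.
function restoreSession(storage, nowSeconds) {
  const token = storage.getItem(TOKEN_KEY);
  if (!token) return { signedIn: false, reason: 'no token' };
  const claims = decodeJwtPayload(token);
  const hasExp = Boolean(claims) && typeof claims.exp === 'number';
  if (!hasExp || claims.exp <= nowSeconds) {
    storage.removeItem(TOKEN_KEY); // never retry with a malformed or expired token
    return { signedIn: false, reason: hasExp ? 'expired' : 'malformed' };
  }
  return { signedIn: true, token, roles: claims.roles || [] };
}

// The interceptor's decision as a pure function: a 401 while we believe we are
// signed in means the server no longer accepts the token, so log out locally.
function shouldLogout(error, isSignedIn) {
  return Boolean(error.response && error.response.status === 401 && isSignedIn);
}

// Stand-in for window.localStorage so the example runs outside a browser.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(k) { return this.items.has(k) ? this.items.get(k) : null; }
  setItem(k, v) { this.items.set(k, String(v)); }
  removeItem(k) { this.items.delete(k); }
}

// Constructed token for demonstration only: the signature part is a placeholder,
// a real token is signed by the authorization server and verified there.
function makeUnsignedToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}.placeholder-signature`;
}
```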
