cafe-for-cats / mobile

client-side code for the project 📱

Implement JWT into client and server #67

Closed martiangirlie closed 3 years ago

martiangirlie commented 3 years ago

User can sign up for an account, or log in to the client with an existing account.

martiangirlie commented 3 years ago

Angular 11 JwtModule from auth0/angular-jwt: https://www.techiediaries.com/angular/jwt-authentication-angular-9-example/

Levels, or grants of what you're allowed to do.

Every time a user request comes in: does this person have access?

Authentication: who are you. Authorization: what are you allowed to do.

When hitting the API, make sure it's an SSL connection so it's secure.

Local storage is secure, so use that.

Every request you make has the token; the token is a short-lived string which tells the server who you are.

After that request dies, send them back to the login screen.

Request token vs. refresh token (remember me for 30 days).

Front end: log in, grab the token, store it in local storage. Next time you go to something that needs security, get it and send it to the API.

Backend: when you log in, check username/password, get the user id, put that in the JWT and send it out; store it in local storage. Next calls use that token to check the date (any time x after the date is expired) and also check the user id.

Encryption: secret key vs. public key.

User levels (0-4), or use a string: ROLE_USER, ROLE_ADMIN, ROLE_XXX. Assign a level to a user by putting it as a prop on their object.

See if I can just get a login and logout example going from the article.