• rp

    2 years ago
    But this is debatable. Cause the JWT is not meant to be accessible on the frontend anyway... but this is what I am comfortable with
  • Sun Walker

    2 years ago
    Yeah I too agree, it's a good balance between risk and making things easier for FE
  • rp

    2 years ago
    FE?
  • Sun Walker

    2 years ago
    front end
  • rp

    2 years ago
    Hmmm. How frontend?
  • rp

    2 years ago
    Cause the frontend can’t access this token anyways
  • Sun Walker

    2 years ago
    oh but don't you need to access the JWT payload or userid on the front end to show certain data and do certain things?
  • rp

    2 years ago
    Ah. For that, there is this thing called OpenID Connect tokens. Which we have not implemented yet
  • rp

    2 years ago
    For now, u can just call an API that will send u info about the user to ur frontend
  • rp

    2 years ago
    But this JWT should never be accessible from the frontend. Cause it can be stolen via XSS attacks.