# support-questions-legacy
w
Hello, I am using the frontend token payload to store the user role, and I am using this payload to check for the access role in the backend. How safe is this approach? I manipulated the frontend token to change the role, but the backend still sees my correct, true role instead of the manipulated role. So I assume this is safe?
r
Hey @wdjzr. Yea.. essentially, the frontend stores the access token's payload in a separate token which is only read on the frontend. The backend reads the access token payload from the actual access token - which is an httpOnly cookie (so frontend JS cannot read/write it), and is also crypto signed so that someone cannot manipulate the contents of it manually either.
w
Super! Thank you so much
Just wanted to be safe 😛