SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Hello, I am using the frontend token payload to store user role and I am using this payload to check for access role in the backend, how safe is this approach? I manipulated the frontend token to change the role but the backend still sees my correct, true role instead of the manipulated role. So I assume this is safe?

Hey <@632664584209170481> . Yea.. essentially, the frontend stores the access token's in a separate token which is only read on the frontend.

The backend reads the access token payload from the actual access token - which is httpOnly cookie (so frontend JS cannot read/ write it), and is also crypto signed so that someone cannot manipulate the contents of it manually either.