Comment by Xingheng Wang on "Private Route With JWT and ReactJS"

CommentPrivate Route With JWT and ReactJS

Xingheng Wang

Co-founder Moesif.com (API analytics). Previous Microsoft & Zynga. CS from MIT.

Feb 16, 2019

Not sure exactly what your scenario is:

react router (even if you support SSR) ultimately it is intended for use on the client side javascript.

And just by rule, you should not to try secure stuff on the client side. Use JWT on the API, and the API server should verify if user can access a resource.

Vinicius Alberkovics

Feb 17, 2019

I have a client that will make a redirect to my page in the logged area, I need to validate the access of the token and receive some information by the body of the message in the page

Xingheng Wang

Co-founder Moesif.com (API analytics). Previous Microsoft & Zynga. CS from MIT.

Feb 17, 2019

definitely validate the access of the token on the server side, and let the server API decide to provide information or not. If token valid, let it succeed, if not valid, return 401 errror on the api.

make react router dumb. on the page where the information suppose to be protected, call your backend API to loaded the information on "componentDidLoad" or something, if succeeded, display the information, if get 401 error, you can use react reouter middleware or something to kick people autoatically out to another page that says login required.

Although you can keep some state on the client side, like "if user logged in, i.e user have a token or not", if user don't have a token, you can use react router to automatically direct user to a login page to obtain a token.

But all VALIDATION must be done on the server side api.

Search Hashnode