Checking JWT authorization in Vue.js?

Good evening. The point of the JWT authentication check in the router is not quite clear to me. In fact, it only needs to check that the token is not null. But a user can write anything into local storage themselves via the console. Hence the question: will such an authorization check be enough? All loaded data is checked for authorization on the back end. And a related question: will authorization without a refresh token be enough?
April 3rd 20 at 17:32
3 answers
April 3rd 20 at 17:34
Solution
And a related question: will authorization without a refresh token be enough?

This token is not used without reason.

1) You do not make the user log in every time the primary token expires. The token is updated without user intervention by using the refresh token.
2) If your tokens have been stolen, your refresh token becomes irrelevant, and the site requires you to pass authentication with login and password. After successful completion of this procedure you will be issued a new pair of token and refresh token. Accordingly, the refresh token that was stolen from you turns into a pumpkin. So when the attacker's regular token has gone rotten, he can't get a new one.
After successful completion of this procedure you will be issued a new pair of token and refresh token. Accordingly, the refresh token that was stolen from you turns into a pumpkin.


The refresh token will turn into a pumpkin, but only if you turn it into a pumpkin, and this is implemented, well, only in very specific cases, since the user will not be able to work with the system simultaneously from multiple devices. - Fermin commented on April 3rd 20 at 17:37
Otherwise, possessing the refresh token, you become a full-fledged user, even knowing the login and password. I think that if we are stateless, a login if you were on another device is the lesser of two evils. Or not? - Alejandrin_Okuneva commented on April 3rd 20 at 17:40
@Alejandrin_Okuneva, in order to become a full user of the system you need to know not only the refresh token but also the client id and client secret, because this data is needed to update the token. - Fermin commented on April 3rd 20 at 17:43
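
An added example (not written by anyone in this thread) of the two points discussed above: the router's null check decides nothing because the back end verifies the token's signature and expiry, and a new login replaces the refresh token so a stolen one stops working. It runs on Node.js as the server side; the secret, user ids, function names and in-memory store are assumptions.

```javascript
// Added example: constructed secret and user ids, in-memory store, Node.js server side.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret';   // assumption: server-side HS256 key
const refreshStore = new Map();             // userId -> the one valid refresh token
const b64url = (v) => Buffer.from(v).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Issue a short-lived access token (HS256 JWT) that carries only the user id.
function signAccessToken(userId, ttlSec = 300, now = Date.now()) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ sub: userId, exp: Math.floor(now / 1000) + ttlSec }));
  return `${head}.${body}.${hmac(`${head}.${body}`).toString('base64url')}`;
}

// Back-end check: returns the user id, or null for anything forged or expired.
function verifyAccessToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const expected = hmac(`${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
    return claims.exp > Math.floor(now / 1000) ? claims.sub : null;
  } catch { return null; }
}

// Password login (credential check omitted): the new pair replaces the old refresh token.
function login(userId) {
  const refreshToken = crypto.randomBytes(32).toString('base64url');
  refreshStore.set(userId, refreshToken);
  return { accessToken: signAccessToken(userId), refreshToken };
}

// Exchange the current refresh token for a new pair; a replaced one is rejected.
function refresh(userId, refreshToken) {
  const a = Buffer.from(refreshStore.get(userId) ?? '');
  const b = Buffer.from(String(refreshToken));
  if (a.length === 0 || a.length !== b.length || !crypto.timingSafeEqual(a, b)) return null;
  return login(userId);
}

// The router check from the question: presence only, so it is not a trust decision.
const routerGuardAllows = (storedToken) => storedToken != null;
```

A string typed into localStorage passes `routerGuardAllows` but `verifyAccessToken` returns null for it, so the back end serves it no data.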
April 3rd 20 at 17:36
Solution
It is not necessary to use localStorage for tokens; this article explains in detail why.
https://habr.com/ru/post/349164/

About the refresh token, see for yourself: if you store only the user id, the JWT is small, and it is possible to just send it over the network as is.
April 3rd 20 at 17:38
Solution
1. A simple JWT is enough: encode the unique identifier of the user and give it to the client, where it is written to localStorage and then just added to the requests.

2. @Eve.Parisian97, judging by the comments to the article, the author is not quite right. Using localStorage isn't so bad.
Provided a bunch of conditions are kept; in the case of cookies there are fewer of these assumptions.
Read the full comments, there is a lot there. - Eve.Parisian97 commented on April 3rd 20 at 17:41
