DEV Community

Discussion on: React authentication, simplified

Tyler Warnock

Hi @kennymanman, a user is considered "logged in" if they have a JWT access token. So in general you have 2 options: check for the token in the browser or check for the token on the server.

If you check in the browser, you don't need a backend, but a savvy user could disable JavaScript (which would disable your check), and still view the page. So this approach should only be used for things that aren't sensitive.

If you check on your server, you can choose to never send the page in the first place, so a user couldn't view the page. The downside of this is of course that you need to have a backend server.

Do you have a sense for which one you would want? If it's the latter, what tech stack would you use for the backend?
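
The server-side option described in the comment above, as an added example that is not part of the original discussion or any particular provider's code: the server verifies the JWT's signature and expiry before it decides whether to send the page at all. It assumes a Node.js backend, RS256-signed tokens, a hypothetical cookie named `access_token`, and a hypothetical `/login` route; the key pair is constructed in place to stand in for the auth provider's key.

```javascript
const crypto = require("node:crypto");

// Constructed key pair standing in for the auth provider's signing key.
// The server only needs the public half to verify tokens.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const b64url = (value) => Buffer.from(value).toString("base64url");

// Test helper that plays the auth provider: issues an RS256-signed JWT.
function issueToken(payload, key = privateKey) {
  const head = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const signingInput = `${head}.${b64url(JSON.stringify(payload))}`;
  const signature = crypto.sign("sha256", Buffer.from(signingInput), key);
  return `${signingInput}.${signature.toString("base64url")}`;
}

// Returns the claims if the token is authentic and unexpired, otherwise null.
function verifyAccessToken(token, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token || "").split(".");
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    // Pin the algorithm on the server; never let the token choose it.
    if (header.alg !== "RS256") return null;
    const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
    const signature = Buffer.from(parts[2], "base64url");
    if (!crypto.verify("sha256", signed, publicKey, signature)) return null;
    const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString());
    return typeof claims.exp === "number" && claims.exp > nowSec ? claims : null;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Decide the response before any page content leaves the server.
// Usable inside any Node HTTP handler: pass it req.headers.cookie.
function gatePage(cookieHeader, nowSec) {
  const match = /(?:^|;\s*)access_token=([^;]+)/.exec(cookieHeader || "");
  const claims = match ? verifyAccessToken(match[1], nowSec) : null;
  if (!claims) return { status: 302, headers: { Location: "/login" }, body: "" };
  return { status: 200, headers: { "Cache-Control": "no-store" }, body: "<h1>Dashboard</h1>" };
}
```

Because the decision is made from the signature rather than from the mere presence of a token, an edited or expired token gets the redirect and an empty body, which is the property the browser-only check cannot give.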