My code (Pastebin link): // App  class App extends Component { render() { //...
I check the token on each component (page) render for a set of protected pages. On each request to the backend I send auth parameters:
import axios from "axios";

// Auth parameters attached to every request to the backend
var authData = {
  action,
  user_access_token: accessToken, // JWT from Auth0, taken from the Redux store
  timestamp: currenttime,
  hash: _signData(action, currenttime, crmApiSecret) // self-made request signature
};

axios({
  url: crmApiURL + url,
  params: {
    ...extraParams,
    ...authData
  }
  //...
});
At the backend, for a group of protected routes, I have middleware which checks: my self-made hash, the lifetime of the request (I've set some real empirical value for my conditions, about 5 sec), the validity of the JWT (a request to Auth0) again, and then the user's permissions for access to the requested route (based on the payload inside the JWT). What can you (or anyone else) say about security; can we say that my communication between React and the backend is secure? And I am using SSL for the CRM.
P.S. As you see in my code, I store the JWT in the React Redux store.