stormy-gold
stormy-gold15mo ago

Auth provider and useGetIdentity() - passing userId if authenticated

Hello, I've set up my auth provider and with the login method, I'm able to authenticate a user. My backend responds with the user ID. Following the documentation and examples, I can use the getIdentity method in the auth provider to get my userId from localStorage. After logging in, the user is redirected to the home page, where i need to access its user Id. Again, from the documentation, I can use the hook useGetIdentity to get the authenticated user Id and use it where needed. It works, and I can get the user id as needed, to use inside my application, I believe I'm using it as intended, according to the documentation, but is it good practice to set user ids to local storage, regarding security? Is there any other way to achieve this, using refine? any guidance is appreciated.
4 Replies
kapa.ai
kapa.ai15mo ago
Hi @jaco0670. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
kapa.ai
kapa.ai15mo ago
---------------------- Yes, you're correct in using the getIdentity method in the auth provider to get the user's identity from localStorage, and using the useGetIdentity hook to access the authenticated user's information. Regarding your concern about storing user IDs in localStorage, it is a common practice in web applications. However, it's important to note that localStorage is accessible by any JavaScript code running on the same domain, which could potentially expose sensitive data to cross-site scripting (XSS) attacks. As an alternative, you can consider using HttpOnly cookies to store sensitive data like user IDs. HttpOnly cookies are not accessible by JavaScript, which provides an additional layer of security against XSS attacks. However, this approach would require changes in both your backend and frontend code to handle cookies instead of localStorage. In the context of refine, you would need to modify your auth provider to work with cookies instead of localStorage. Unfortunately, the provided information extracts do not cover this specific use case. You can refer to the refine documentation (https://refine.dev/docs) for more information on customizing auth providers and other aspects of refine. Remember that security is a complex topic, and it's essential to consider various aspects of your application to ensure a secure implementation. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ----------------------
Overview | refine
What is refine?
kapa.ai
kapa.ai15mo ago
<@486442088280358912> kapa.ai is still learning and improving, please let us how it did by reacting below
adverse-sapphire
adverse-sapphire15mo ago
I think it won't be a problem since the 'token' you saved in localStorage is used temporarily. (I'm assuming there is a refreshToken mechanism) You can search the JWT keyword for this topic.
More Posts
In Need of DataGridPro Demo for Refine with MUI X v6Hello everyone, I am currently working on a Refine application where I'm trying to implement DataGrFront end and refine in the same projectI am trying to use Refine in just one project with the frontend of my nextjs 13 app dir project :). how to pinned columns using datagridi tried to pin columns but it is not working where i check the mui doc i found there is no pinnedColnew separated pagehi I want to make a page that I can move to it only when I click on a button inside another page soHow to limit the display of resources from users parameters?I have two type of users. One without ParentUserID (admin) Another with parenUserId (employee who haOverride built-in notification messagesHello! I would like to use the built-in notification provider but pass my own messages and descriptHow to use `<AntdInferencer />` with Next.jsHello, the examples provided in the docs for using the inferencer components is using some `<Routes>How to install a previous version?As I can see that there is a previous version 3.xx.xx in the docs, how do we install that? Like whilhow to add parent attribute to resourcei tried to add a parent to my resource but there is no parent attributesredirect issueas soon as the page loads on the screen it should be redirected to the login page. I have made the l