So, I'm trying to find best practices on how to solve authorization, not authentication, in a SPA application.
Say that I have a client-side MVC (Angular, Vue.js, etc.) with an API backend; how do we manage authorization for the application?
For example, a user and a manager can both access it, but one has more access (functions in the view) than the other. If they use the same client-side user interface, how do you protect and display the correct view according to their access? It is possible to get a list of your roles / claims and, on the basis of this, determine what to do on the client side, but because it is based on JS, it can easily be bypassed.
It seems to me that a client-side MVC application may not be the right solution, and an SSR application is more suitable for this. If so, what about a mobile phone? How do you solve the same problem for mobile devices without the need to develop your own native application?
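The bypass concern raised in the question, shown as an added example that is not part of the original post: roles and claims sent to the SPA drive display only, while the API re-checks every call against the role held in its own session record. All names (`POLICY`, `SESSIONS`, `handleApiCall`, `claimsFor`, `visibleActions`) and the sample tokens are hypothetical and constructed for illustration.

```javascript
// Added example; every identifier and sample value here is an assumption.

// Server side: the only authoritative mapping of role -> allowed actions.
const POLICY = new Map([
  ["user", new Set(["report:read"])],
  ["manager", new Set(["report:read", "report:approve", "user:list"])],
]);

// Server side: session store keyed by an opaque token (constructed sample data).
const SESSIONS = new Map([
  ["tok-alice", { userId: "alice", role: "user" }],
  ["tok-bob", { userId: "bob", role: "manager" }],
]);

// Server side: every API call is authorized here. The role is read from the
// server's session record; a role field supplied in the request is ignored.
function handleApiCall(request) {
  const session = SESSIONS.get(request.token);
  if (!session) return { status: 401, body: "not authenticated" };
  const allowed = POLICY.get(session.role) || new Set();
  if (!allowed.has(request.action)) return { status: 403, body: "forbidden" };
  return { status: 200, body: `${request.action} done for ${session.userId}` };
}

// Server side: claims handed to the SPA so it can render the matching view.
function claimsFor(token) {
  const session = SESSIONS.get(token);
  if (!session) return null;
  return { role: session.role, actions: [...POLICY.get(session.role)] };
}

// Client side: decides which controls to draw. This is display logic only.
function visibleActions(claims) {
  return claims ? claims.actions.slice().sort() : [];
}

// Claims edited in the browser change what is drawn, not what the API permits.
const tampered = { role: "manager", actions: ["report:approve", "report:read"] };
console.log(visibleActions(tampered)); // extra button appears locally
console.log(handleApiCall({ token: "tok-alice", action: "report:approve", role: "manager" }));
console.log(handleApiCall({ token: "tok-bob", action: "report:approve" }));
```

The same API check applies unchanged to a mobile or server-rendered client, since the decision never depends on which front end sent the request.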