Having recently delved into JWT authorization, I find myself transitioning from traditional user and password authorization to a more secure method. After grasping the fundamentals of JWT, I am eager to implement it in my workflow and have a question:
Upon gathering email and password in my login component, I proceed to send a signed JWT to the user if the credentials are correct. This token is stored using js-cookie. (So far, so good).
My approach in _app.js (leveraging nextjs) entails building the application as if no login were required. If a component necessitates data, the app fetches it accordingly. However, if the data fetch fails, I redirect the user to the login screen to ensure seamless authentication as long as a valid cookie and token are in place.
Is there a more effective strategy I should consider?
Post feedback from the comments:
I have since integrated Auth0 login into my app, restricting sign ups and managing user profiles through the Auth0 database. This modification has slightly extended my setup time due to configuring another third-party service. Nonetheless, the added security measures are worthwhile.
My revised inquiry now is: Should I forego using JWT since I can rely on the authenticated user via Auth0? Despite this trust, I hesitate to eliminate JWT as my API remains unprotected by JWT. Consequently, it seems my primary question remains unchanged.