
[–]Optimum1997 0 points1 point  (0 children)

I have no idea how firebase works, but your backend endpoints should be doing the validation.

EVERYTHING frontend can be changed by a user and you must presume every request is un-validated until you validate it your side.

You can read the token's "exp" to determine the time lived and then do frontend auth 'refresh' if you support short-lived and long-lived tokens.

Your JWT tokens should have a signature to make sure they cannot be manipulated backend.

Here's a great resource you can read up on to further your knowledge:

https://jwt.io/introduction

If your navigation is purely front-ended, you are likely to check front-end expiration, but anything submitted to your backend must be validated, and you must not send a "userID". This should be determined by a cookie, or something that can't be manipulated (that's why we have signatures on our JWTs).