Tags: node.js, express, vue.js, loopbackjs

How tokens work in LoopBack


I'm trying to figure out how to accomplish these things. I'm using LoopBack as the backend and Vue as the front end.

1. How can I use the token id generated by LoopBack in Vue? For example:

localStorage.getItem('tokeid of loopback'); 

Will it work for accessing other models that require authentication in LoopBack?

2. Is the token generated by LoopBack secure, or is something else required? If yes, how can I achieve it?

Is there any other method to do this?


Solution

  • I've been using your same stack during the last year, Loopback + Vue.js.

    After the user logs in, the access token is stored 'as is' in a cookie and it gets taken back on every full page refresh. Local storage is also fine, just remember that both the tools are exposed to some attacks.

    If the token is missing you may want to redirect the user to the login page.

    The way you react to 401s from your APIs depends on your application. Authorization is established on the backend, Loopback offers very easy configurations for ACLs and model endpoints exposure (sometimes the naming is misleading though).

    However, the frontend UX should reflect the backend authorizations. You can either log out the user or notify her that she doesn't have the right permissions to perform the action, letting her contact the customer support. IMHO when the UX is well done you have no 401s.
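
The flow this answer describes (keep the token after login, send it with each request, return to the login page when it is missing or rejected), as an added example that is not part of the original answer. It assumes a LoopBack 3-style login response (`id`, `ttl`, `created`) and an API that accepts the token id in the `Authorization` header; `TOKEN_KEY`, `saveLogin`, `loadToken`, `authOptions` and `apiFetch` are hypothetical names.

```javascript
// Added example. Assumes a LoopBack 3-style login response { id, ttl, created }
// and that the API reads the token id from the Authorization header.
const TOKEN_KEY = 'lbAccessToken'; // hypothetical storage key

// Persist the login response; only the token id and its expiry are kept.
function saveLogin(storage, login) {
  const expiresAt = new Date(login.created).getTime() + login.ttl * 1000;
  storage.setItem(TOKEN_KEY, JSON.stringify({ id: login.id, expiresAt }));
}

// Return the token id, or null if it is missing, malformed or expired.
function loadToken(storage, now = Date.now()) {
  try {
    const t = JSON.parse(storage.getItem(TOKEN_KEY));
    if (t && typeof t.id === 'string' && t.expiresAt > now) return t.id;
  } catch (e) { /* malformed entry: treat as missing */ }
  storage.removeItem(TOKEN_KEY);
  return null;
}

// Build fetch options with the token in a header (not in the URL, where it
// would end up in logs and browser history). Returns null when login is needed.
function authOptions(storage, options = {}, now = Date.now()) {
  const token = loadToken(storage, now);
  if (!token) return null;
  return { ...options, headers: { ...options.headers, Authorization: token } };
}

// Call a protected endpoint; go to the login page on a missing token or a 401.
async function apiFetch(storage, url, options, goToLogin, fetchImpl = fetch) {
  const opts = authOptions(storage, options);
  if (!opts) { goToLogin(); return null; }
  const res = await fetchImpl(url, opts);
  if (res.status === 401) {
    storage.removeItem(TOKEN_KEY); // token rejected by the backend
    goToLogin();
    return null;
  }
  return res;
}
```

In the browser, pass `localStorage` as `storage` and a function that navigates to the login route as `goToLogin`.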