Do JSON Web Tokens (JWTs) cover both authentication and authorization?
I am researching how to create a blog website that allows a user to sign in and, based on his/her user role, edit blogs, delete blogs, etc., but only if they are the user that created that certain blog. However, another user can sign in, and if he/she does not own a certain blog, they can only view the blog and not edit or delete it. Before I dive deep into this project, I was wondering if JWTs would, by themselves, be able to accomplish this mission, or is there a better technology for this functionality? Thanks!
Solution 1:[1]
Store the user's role in your database, and while generating a fresh JWT for the user, set a key/value pair describing the user's role. That's it for role-based authorization using JWT.
This is a nice short post related to role-based authorization using JWT.
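The following is an added example, not part of the original question or answer. It sketches the scenario from the question with an HS256 token built from the Python standard library: the token carries the user's id and role, and the ownership check is done on the server against the stored blog record. The secret, the `author`/`reader` role names, the `BLOGS` table and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"demo-secret-constructed-for-this-example"  # assumption: HS256 shared key
# Constructed sample data standing in for the blog table in the database.
BLOGS = {1: {"owner_id": "alice"}, 2: {"owner_id": "bob"}}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(user_id, role, ttl=900, now=None):
    """Authentication side: call only after the login check has passed."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": user_id, "role": role, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{_sign(header + '.' + claims)}"

def verify_token(token, now=None):
    """Return the claims if signature, algorithm and expiry are valid, else None."""
    now = int(time.time()) if now is None else now
    try:
        header, claims, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(header + "." + claims)):
            return None  # claims or header were modified after signing
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None  # accept only the algorithm this server issues
        body = json.loads(_unb64(claims))
    except (ValueError, TypeError, AttributeError):
        return None
    return body if body.get("exp", 0) > now else None

def authorize(token, action, blog_id):
    """Authorization side: role comes from the token, ownership from the database."""
    claims = verify_token(token)
    blog = BLOGS.get(blog_id)
    if claims is None or blog is None:
        return False
    if action == "view":
        return True  # any signed-in user may read
    if action in ("edit", "delete"):
        return claims.get("role") == "author" and claims.get("sub") == blog["owner_id"]
    return False
```

The role claim only says what kind of user is calling; which blog belongs to whom is looked up per request, so a change of ownership takes effect without reissuing tokens.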
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | ht006 |
