Let's imagine I have a website with a React front end that renders two pages: one is "View Data" and the other is a welcome page with a login form.
Scenario: You log in, the server accepts it, and you get a JWT. When you click on "View Data", the server is sent the token and views it as valid. What does the server send back to allow the front end to display the page? Does it just resend the token? Couldn't the front end save it? Can't a REST response be spoofed/modified within the browser developer tools? If not, I know you can set JavaScript variables and such, so I'd have to imagine that it wouldn't be difficult to access the protected page. I can protect the data, but I don't understand how to properly protect the page itself.
To reiterate the various questions:
- What does the server send back? Does it just resend the token?
- Can't a REST response be spoofed/modified within the browser developer tools?
- If not, I know you can set JavaScript variables and such, so I'd have to imagine that it wouldn't be difficult to access the protected page. If this is the case, what is the solution?