One piece not covered is bitwise shift, which is useful for setting flags in a clear way, for example.
const LIST_FRACTION = 1 << 0; // (001)
const LIST_UNIQUE = 1 << 1; // (010)
const LIST_SORTED = 1 << 2; // (100)
Beyond that, you don't need to check against the flag, since a match will be non-zero (truthy)
if (flag & LIST_UNIQUE) {}
I use Lighthouse built into chrome, but also use the WAVE and AXE extensions as well... they each have advantages/disadvantages over each other, with maybe 80% overlap.
Things you should put in your claims...
* token id
* real name
* account id
* email address
* user's roles/groups
example, here's a claims section from a devauth application I wrote.
{
jti: "GENERATED_UUID_FOR_THIS_TOKEN"
iss: "https://AUTHENTICATION_SERVER/"
aud: "https://APP_SERVER/",
iat: 1564526297, // Issued, seconds since unix epoch UTC
exp: 1564569497 // Expires, seconds from unix epoch UTC
sub: "USER_ID",
eml: "EMAIL_ADDRESS",
fnm: "FIRST",
lnm: "LAST",
aff: ["AFFILIATION",...]
rol: ["ADMIN",...]
}
OMFG!!! Do *NOT* put passwords or any secrets in your claims... the JWT itself is *NOT* encrypted/secure, the payload is only base64 encoded, the signature only confirms authority.
JSON.parse(atob(YOUR_TOKEN.split('.')[1]))
This is a *REALLY* bad example.
Have to agree with TFA... I really think hooks are a nice feature, and really necessary for more functional components... but they don't handle the problem of deep prop drilling or bubbling in general that Redux handles across an application, or portions of an app.
Double karma back was kind of my idea... mostly because if you downvote and it's deleted you are rewarded for effectively reporting. Considering the downvote cost, and that karma doesn't come up very fast on here.
One piece not covered is bitwise shift, which is useful for setting flags in a clear way, for example. const LIST_FRACTION = 1 << 0; // (001) const LIST_UNIQUE = 1 << 1; // (010) const LIST_SORTED = 1 << 2; // (100) Beyond that, you don't need to check against the flag, since a match will be non-zero (truthy) if (flag & LIST_UNIQUE) {}Things you should put in your claims... * token id * real name * account id * email address * user's roles/groups example, here's a claims section from a devauth application I wrote. { jti: "GENERATED_UUID_FOR_THIS_TOKEN" iss: "https://AUTHENTICATION_SERVER/" aud: "https://APP_SERVER/", iat: 1564526297, // Issued, seconds since unix epoch UTC exp: 1564569497 // Expires, seconds from unix epoch UTC sub: "USER_ID", eml: "EMAIL_ADDRESS", fnm: "FIRST", lnm: "LAST", aff: ["AFFILIATION",...] rol: ["ADMIN",...] }OMFG!!! Do *NOT* put passwords or any secrets in your claims... the JWT itself is *NOT* encrypted/secure, the payload is only base64 encoded, the signature only confirms authority. JSON.parse(atob(YOUR_TOKEN.split('.')[1])) This is a *REALLY* bad example.