I wanted to know your thoughts on what's the preferred way to handle claim/attribute based authorization in app router for both server and client side.
In my case, I fetch those claims from an external endpoint on user login and currently I save them in HTTP only server cookie and in zustand for client side use.
But what's buggin me is that If I save those permissions in http only cookies to access them in middleware to protect the pages the user can see the plain object in the devtools, maybe there are ways to hash this object ?