Next.js Discord

Discord Forum

Is passing authorization state via props or context from server to client components(not route)safe?

Unanswered
Kxlugu posted this in #help-forum
Open in Discord
Avatar
KxluguOP
For example, in page.tsx :- 

const { isLoggedIn, isAuthorized } = await useAuthorization(params.username);


and passing it down to its children client components via props (for shallow nested components) or via context (for deeply nested components, for example, a comments section) safe?

For the shallow example, 

export default async function UserPage({ params }: UserPageProps) {
  const { isLoggedIn, isAuthorized } = await useAuthorization(params.username);
  return (
    <div className="flex-1 w-full flex flex-col gap-12">
      <div className="flex flex-col gap-2 items-start">
        <Bio username={params.username} isAuthorized={isAuthorized}  />
      </div>
    </div>
  );
}


and inside Bio, I use react query to fetch the bio from my database, and conditionally render an Edit button next to it if 
isAuthorized === true


I will of course, authenticate the actual Bio edit server action as well, but I was wondering if this method of rendering the edit button is good practice or not. What should I use? HOC's? Server sided "hooks"?

tl;dr :- I want to conditionally render components (not routes) based on auth status, and want to know the best practice for it.

2 Replies

Avatar
Miniature Pinscher
What you have done is safe and common practise. An alternative would be to move the isAuthorized check closer to the (server)component which uses it, as opposed to being in the route.
Avatar
KxluguOP
Ohh really. Okay thanks! It just seems too simple that I assumed I'm missing something.