What is the most secure way to send the frontend that the given user is actually an admin in a web app?


I need a way for the frontend to know if the signed user is an admin.

By now I have used the cookies as a place where I can store my token in the frontend and then decode that token in React and use the "is admin" value from the decoded token object, but this means that my token cookie can't be secure or httpOnly. So I figured out that there must be a better option for this, so here I am. I would really appreciate any help.

P.S. I am quite new to this, so this may be a really simple solution, but I couldn't find anything useful on the internet.


There is 1 best solution below

Bhagya Mudgal On

Once you decode the auth token from the cookie, you can request user details for that specific user ID from your backend API, which will give you the user role, i.e. whether the user is an admin or not.

It's secure because it is directly coming from your API, which is getting it from your database.
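
One way to wire up the approach in the answer above, as an added example that is not part of the original answer: the server verifies the token from an HttpOnly cookie, looks the role up in its user store, returns it from a `/api/me`-style handler, and repeats the check on admin-only routes. The route names, the handler functions, the HMAC token format (no expiry, for brevity) and the in-memory `USERS` map standing in for the database are all assumptions.

```javascript
// Added example: names, token format and the in-memory "database" are assumptions.
const crypto = require("node:crypto");
const SECRET = crypto.randomBytes(32); // server-side signing key, never sent to the browser
const USERS = new Map([                // constructed sample data standing in for the database
  ["u1", { name: "alice", role: "admin" }],
  ["u2", { name: "bob", role: "user" }],
]);

const sign = (p) => crypto.createHmac("sha256", SECRET).update(p).digest("base64url");

// Token = base64url(userId) + "." + HMAC. It carries no role claim at all.
function issueToken(userId) {
  const payload = Buffer.from(userId).toString("base64url");
  return `${payload}.${sign(payload)}`;
}

// Set-Cookie value: HttpOnly keeps the token out of reach of page JavaScript.
function sessionCookie(userId) {
  return `token=${issueToken(userId)}; HttpOnly; Secure; SameSite=Strict; Path=/`;
}

// Returns the user id if the signature is valid, otherwise null.
function verifyToken(token) {
  const [payload, mac] = String(token).split(".");
  if (!payload || !mac) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  return Buffer.from(payload, "base64url").toString();
}

// Resolves the Cookie request header to a user record, role read from the store.
function userFromCookieHeader(cookieHeader = "") {
  const match = /(?:^|;\s*)token=([^;]+)/.exec(cookieHeader);
  const id = match && verifyToken(match[1]);
  return id && USERS.has(id) ? { id, ...USERS.get(id) } : null;
}

// GET /api/me: the frontend calls this to decide which UI to render.
function handleMe(cookieHeader) {
  const user = userFromCookieHeader(cookieHeader);
  if (!user) return { status: 401, body: { error: "not signed in" } };
  return { status: 200, body: { name: user.name, isAdmin: user.role === "admin" } };
}

// Admin-only routes repeat the check server-side; isAdmin from /api/me is only a UI hint.
function handleAdminAction(cookieHeader) {
  const user = userFromCookieHeader(cookieHeader);
  if (!user) return { status: 401 };
  return { status: user.role === "admin" ? 200 : 403 };
}
```

The React side then only needs `fetch("/api/me", { credentials: "include" })` and never touches the token itself.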