It's clear that we need to an ideal SPA will  have a way of viewing reading  the local authentication data for use by the application logic. logic in order to authorize the rendering of a particular view.  However, special care needs to be made to prevent someone interacting with the developers console to be able to change the local authentication data in order to gain access to restricted parts of the code by elevating their permissions.