0👍
Although it is correct that the code is client-side in an SPA, restrictions for accessing pages can still be set in place.
VueJS exposes several lifecycle hooks even before elements have been added to the DOM. In this space, you can make a network request to an authentication service. In your request, you would send a token (rf: jwt).
await the response and you can redirect users to the login page, or continue with the component mount.
Source:stackexchange.com