
User object on client side in front-end

I am developing a back-end API in Node.js using the Express.js framework and have implemented JWT authentication using Passport.js.

Users register, sign in using their usernames and passwords, and receive a JSON web token generated in the back-end, which is then used to authenticate further requests.

What I want to achieve is to always display a piece of current user information in the front-end while the user is logged in. That information is subject to frequent changes based on the user's or even other users' interaction with the API.

What is the common technique for this? Should I send a user object with every response from the API or should I send it once as the payload in the JWT, store it on the client side and update it on demand with separate requests to some user API endpoint?

Actually, can JWT payload even be used for storing such things as user objects, is it intended for this? As I feel it is a bad idea to store some important information other than some user identifier in the JWT payload.

A JWT is valid until its expiration time. Including data in the token that changes frequently means that the JWT could be invalid, but it would be accepted anyway by your server. If you do not want to deal with blacklists, consider carefully what data you are going to include, and request the other data dynamically.

But without including any user data in the token, you are not taking advantage of one of the JWT benefits: the server does not need to query the database on each request, since you can trust the data contained in the JWT.

E.g., you can include fullname or dateofbirth, and consider including roles if they do not change frequently.
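The split the answer describes, as an added example that is not part of the original question or answer: the token carries only the identifier and slow-changing claims, while the frequently changing field is read fresh on each "current user" request. It assumes HS256 with a constructed secret and builds the token with Node's `crypto` so it runs offline (a real Passport.js setup would use its JWT strategy instead); `users`, `unread`, `issueToken`, `verifyToken` and `currentUserView` are hypothetical names.

```javascript
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // assumption: HS256 with a server-side secret
const b64u = (v) => Buffer.from(v).toString("base64url");
const mac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest();

// Constructed user store standing in for the database.
const users = new Map([["u1", { id: "u1", roles: ["member"], unread: 3 }]]);

// Token carries only the identifier and slow-changing claims, never `unread`.
function issueToken(user, nowSec, ttlSec) {
  const header = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const claims = { sub: user.id, roles: user.roles, iat: nowSec, exp: nowSec + ttlSec };
  const body = `${header}.${b64u(JSON.stringify(claims))}`;
  return `${body}.${b64u(mac(body))}`;
}

// Returns the claims, or null on a bad signature or an expired token.
// The MAC is always HMAC-SHA256; the header's alg field is never trusted.
function verifyToken(token, nowSec) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const given = Buffer.from(parts[2], "base64url");
  const expected = mac(`${parts[0]}.${parts[1]}`);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  if (typeof claims.exp !== "number" || nowSec >= claims.exp) return null;
  return claims;
}

// Hypothetical "current user" handler: identity and roles come from the token
// (no lookup needed), the volatile field is read fresh on demand.
function currentUserView(token, nowSec) {
  const claims = verifyToken(token, nowSec);
  if (!claims) return null;
  const row = users.get(claims.sub);
  return row ? { id: claims.sub, roles: claims.roles, unread: row.unread } : null;
}

function demo() {
  const token = issueToken(users.get("u1"), 1000, 900); // exp = 1900
  const before = currentUserView(token, 1100);
  users.get("u1").unread = 7;         // volatile data changes after issuance
  users.get("u1").roles = ["admin"];  // role change is invisible to the old token
  const after = currentUserView(token, 1200);
  return { before, after, expired: currentUserView(token, 1900) };
}
```

In `demo()` the `after` view shows the fresh `unread` value but still the old `roles`, which is the stale-claim window the answer warns about: it closes only when the token expires or is reissued.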

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.