
What to store in JWT key

I'm a newbie in web development and security. I'm developing something like social media. I need to know what to store in my JWT token. I think it would be good to store the user id (primary key from the database). This way I could look up all the stuff about the user, e.g. full name, unique username, profile photo, and posts, from the token.

Since a JWT is easily decoded, won't it be insecure to save the user id? Could someone who stole the token use the id to run some SQL in my database? Would it be better to save info about the user that is already public, like the unique username?

This is a deep topic, regarding JWT and security. There are many different ways to store a JWT, such as in Local Storage, Session Storage and in a Cookie. There are advantages and disadvantages to each method, and keep in mind there is no 100% secure way of storing JWTs. You should store the user's id in the JWT and NEVER sensitive information. You can learn more by researching each method of storing JWTs.
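The following is an added example, not code from the question or the answer. It shows that anyone holding the token can read the user id, that the server's signature check rejects a token whose id was changed, and that the verified id reaches the database only as a bound parameter. The secret, the `users` table and all function names are assumptions made for the illustration, and HS256 is built from the standard library so the block runs offline.

```python
import base64, hashlib, hmac, json, sqlite3

SECRET = b"constructed-demo-secret"  # assumption: server-side HS256 key, never sent to clients

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user_id) -> str:
    """Build an HS256 JWT whose only claim is the user's primary key."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": user_id}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def read_payload_unverified(token: str) -> dict:
    """What anyone holding the token can do: decode the claims, no key needed."""
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_token(token: str) -> int:
    """Server side: recompute the HMAC, then return the user id as an int."""
    header, payload, sig = token.split(".")
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    sub = json.loads(b64url_decode(payload))["sub"]
    if not isinstance(sub, int) or isinstance(sub, bool):
        raise ValueError("sub must be an integer id")
    return sub

def load_profile(db, token):
    """Look up the user; the id is bound as a parameter, never pasted into SQL."""
    user_id = verify_token(token)
    return db.execute("SELECT username, full_name FROM users WHERE id = ?", (user_id,)).fetchone()

def make_db():
    db = sqlite3.connect(":memory:")  # constructed sample data
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, full_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [(1, "alice", "Alice A."), (2, "bob", "Bob B.")])
    return db
```

A production service would normally use a maintained JWT library and also check an expiry claim, which this example does not set.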
