I have a token that I sent to my backend where I verify it (JWT). Is there any difference in sending back the token itself or the userId I created on the backend to the client to store?
I need the userId specifically in my client only once. Otherwise, I need the JWT or the userId to authenticate the user (if I get the token back, the user is authenticated). However, for this it doesn't matter whether I get back the token or the userId, as the userId is only created once a JWT is issued on the backend.
CodePudding user response:
The token is used to authenticate a client. The userid does not give direct access to the client as the JWT would.
CodePudding user response:
Usually you need a JWT for authentication, so the client needs to store the JWT and send it with requests.
In your case, sending the JWT back to the client is redundant (as you just received it from the client). Sending the userId is totally fine, but your question doesn't describe why you need it.
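The flow the first two answers describe, as an added example that is not part of the original thread: the backend verifies the JWT on every request and returns the userId only as data derived from the verified token. The HS256 algorithm, the `SECRET` value and the `handle_request` function are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 with a server-held key

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_jwt(user_id: str, ttl: int = 300) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": user_id, "exp": int(time.time()) + ttl}).encode())
    return f"{header}.{payload}.{b64url(sign(f'{header}.{payload}'))}"

def verify_jwt(token: str):
    """Return the claims if signature and expiry check out, else None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(unb64url(header)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        if not hmac.compare_digest(sign(f"{header}.{payload}"), unb64url(sig)):
            return None  # payload or signature was altered
        claims = json.loads(unb64url(payload))
        if claims.get("exp", 0) <= time.time():
            return None  # expired
        return claims
    except (ValueError, AttributeError, TypeError):
        return None  # malformed token

def handle_request(headers: dict) -> dict:
    """Hypothetical endpoint: identity comes only from the verified token."""
    auth = headers.get("Authorization", "")
    claims = verify_jwt(auth[7:]) if auth.startswith("Bearer ") else None
    if claims is None:
        return {"status": 401}
    # The userId is returned as plain data taken from the verified claims;
    # a userId supplied by the client is never used to decide who is calling.
    return {"status": 200, "userId": claims["sub"]}
```

A request that carries only a userId gets a 401 here, because the userId is an identifier and not proof of identity.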
CodePudding user response:
Token-based authentication is more secure compared to userid-based authentication, as it protects against MITM attacks, since every request will use the token for authentication.