My authentication endpoint asks for a username and password and, if they are correct, it sends back a JWT as the response.
Let's say I would like to display information about the user who logged in.
My question is: how should the frontend recognize which user has logged in?
Maybe based on the JWT?
Or should the backend send user information (username or id) along with the JWT, so the client can then call an API (with the JWT in the header) that responds with the information of the user?
CodePudding user response:
For non-sensitive information, you can store it in the JWT, but be aware that it is stored in the clear inside the JWT: anyone having access to the JWT will have access to the information.
If you store an ID, there will be no personal information stored, and if you request your API at something like /me, the endpoint would read the user's ID to return the meaningful data.
I think you should read a little bit more about JWT; it seems like you are using them without really knowing much about those.
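The pattern the answer describes, as an added example that is not part of the original post: the login endpoint issues an HS256 JWT whose only user claim is the id (`sub`), a `/me` handler verifies the signature and expiry before looking the user up, and a helper shows that the payload is readable by anyone holding the token. The secret, user table and endpoint names are constructed for the demo; the JWT is built with the standard library so it runs offline.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed; in practice load from a secret store

# Constructed user table: the token carries only the id, the profile lives here.
USERS = {42: {"username": "alice", "email": "alice@example.com"}}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(user_id: int, now=None, ttl: int = 3600) -> str:
    """Login endpoint: sign a token whose only user claim is the id (sub)."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": user_id, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def read_payload_unverified(token: str) -> dict:
    """What anyone holding the token can see: the payload is base64url, not encrypted."""
    return json.loads(_b64url_decode(token.split(".")[1]))

def me_endpoint(authorization: str, now=None) -> tuple:
    """GET /me: verify the bearer token, then look the user up by its sub claim."""
    now = int(time.time()) if now is None else now
    if not authorization.startswith("Bearer "):
        return 401, {"error": "missing bearer token"}
    try:
        header, payload, sig = authorization[len("Bearer "):].split(".")
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        # Constant-time comparison, and no claim is trusted before the signature checks out.
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return 401, {"error": "bad signature"}
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return 401, {"error": "unexpected alg"}
        claims = json.loads(_b64url_decode(payload))
    except ValueError:  # bad base64, bad JSON or wrong number of segments
        return 401, {"error": "malformed token"}
    if claims.get("exp", 0) <= now:
        return 401, {"error": "token expired"}
    user = USERS.get(claims.get("sub"))
    if user is None:
        return 404, {"error": "unknown user"}
    return 200, {"id": claims["sub"], **user}
```

`read_payload_unverified` is there to make the answer's point concrete: the client can read `sub` without the key, so only the server-side lookup after verification should be trusted for anything that matters.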