is it okay to store a lot of variables inside the token object in NodeJS

Time:11-05

Hey, I'm implementing authentication using NodeJS, ExpressJS, MongoDB / React Native. Is it okay to have a lot of variables in the token object, like in this example?

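    // Assumes the jsonwebtoken package and a `user` document already loaded from MongoDB.
    const jwt = require("jsonwebtoken");

    const token = jwt.sign(
      {
        // Claims embedded in the token payload
        userId: user._id,
        isAdmin: user.isAdmin,
        isBanned: user.banned.isBanned,
      },
      process.env.TOKEN_KEY, // signing secret
      {
        expiresIn: "24H", // token stays valid for 24 hours
      }
    );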

I added the isBanned one so I can check for it directly when the token goes to the frontend, so I won't have to fetch the user data again to get it! Is this the best way to check if the user is banned? And finally, is it okay to put up to 3 variables on the token?

CodePudding user response:

For security reasons, it's not safe to store user data in a JSON Web Token.

Typically you should only store the minimum data needed to identify your user, meaning an ID.

You should also, if possible, use an unpredictable ID because numeric IDs are predictable.

The best is to have an alphanumeric unique ID.

If you need to get some extra information once your user logs in, you can easily issue a request to your API to retrieve the information...

Don't forget that the token is given to the client by the server after a successful login to avoid authenticating the user at each request, not for retrieving information.
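
An added example (not code from the question or the answer) of the trade-off discussed above, using Node's built-in crypto module for a minimal HS256 token: the payload of a signed token can be read without the key, and an `isBanned` claim stays as issued until the token expires, while an ID-only token lets the server read the current ban status on each request. The user ID `u_8f3k2`, the key, the use of the `sub` claim and the in-memory `users` map are constructed assumptions.

```javascript
const crypto = require("crypto");

const KEY = "constructed-demo-key"; // constructed sample secret, not a real key
const b64url = (s) => Buffer.from(s).toString("base64url");
const hmac = (data, key) => crypto.createHmac("sha256", key).update(data).digest();

// Minimal HS256 signer (stand-in for a JWT library's sign call).
function sign(payload, key) {
  const input = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" })) + "." + b64url(JSON.stringify(payload));
  return input + "." + hmac(input, key).toString("base64url");
}

// Checks signature and expiry, then returns the claims.
function verify(token, key) {
  const [head, body, mac = ""] = token.split(".");
  const expected = hmac(head + "." + body, key);
  const given = Buffer.from(mac, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  if (!(claims.exp > Date.now() / 1000)) throw new Error("expired");
  return claims;
}

// The payload is base64url-encoded JSON, readable by whoever holds the token.
function readPayloadWithoutKey(token) {
  return JSON.parse(Buffer.from(token.split(".")[1], "base64url").toString());
}

// Constructed in-memory stand-in for the MongoDB users collection.
const users = new Map([["u_8f3k2", { isAdmin: false, banned: { isBanned: false } }]]);

// ID-only token: role and ban status come from the store on every request.
function authorize(token) {
  const { sub } = verify(token, KEY);
  const user = users.get(sub);
  if (!user) return { ok: false, reason: "unknown user" };
  if (user.banned.isBanned) return { ok: false, reason: "banned" };
  return { ok: true, userId: sub, isAdmin: user.isAdmin };
}

const exp = Math.floor(Date.now() / 1000) + 24 * 3600; // same 24h lifetime as the question
const fatToken = sign({ userId: "u_8f3k2", isAdmin: false, isBanned: false, exp }, KEY);
const slimToken = sign({ sub: "u_8f3k2", exp }, KEY);
```

If the user is banned after both tokens are issued, `authorize(slimToken)` rejects the next request, whereas `verify(fatToken, KEY)` keeps returning `isBanned: false` until the token expires.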
