Is manually updating JWT access_token data considered a bad practice?

Time:01-20

In my application I use custom data stored in the token heavily, almost in every endpoint. Now I want to add some data AFTER the user logs in (it's super important). I was wondering if replacing the old token with a new one is a bad practice?

Let's say the user logs in and receives this token:

{
  ...
  "sub": {
    "someParam": false
  },
  ...
}

but after some action I want someParam changed to true:

{
  ...
  "sub": {
    "someParam": true
  },
  ...
}
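To make the question concrete, here is an added example (not from the original post) of what "replacing the old token with a new one" looks like server-side: the backend verifies the token the client presents, then mints a fresh HS256 token with the changed claim. It uses only the standard library, a constructed demo key, and hypothetical helper names (`issue_login_token`, `reissue_with_updated_claims`); a client-side edit of the payload without the key is included only to show that verification rejects it. Note the practical consequence that a re-issue does not invalidate the previously issued token: both verify until their `exp` passes.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key for this example; a real deployment loads it from a secret store.
SECRET_KEY = b"demo-hmac-key-do-not-use-in-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_b64(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def sign_jwt(claims: dict, key: bytes = SECRET_KEY) -> str:
    """Serialise claims as a compact HS256 JWT: header.payload.signature."""
    signing_input = f"{_json_b64({'alg': 'HS256', 'typ': 'JWT'})}.{_json_b64(claims)}"
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_jwt(token: str, key: bytes = SECRET_KEY, now: Optional[float] = None) -> dict:
    """Return the claims if the signature is valid and the token is unexpired; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the server, not the token, decides the algorithm
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims


def is_valid(token: str, now: float) -> bool:
    try:
        verify_jwt(token, now=now)
        return True
    except ValueError:
        return False


def issue_login_token(user_id: str, now: float, ttl: int = 900) -> str:
    """Token handed out at login, with someParam initially false (as in the question)."""
    return sign_jwt({"sub": {"id": user_id, "someParam": False}, "iat": int(now), "exp": int(now) + ttl})


def reissue_with_updated_claims(old_token: str, updates: dict, now: float, ttl: int = 900) -> str:
    """Verify the presented token, then mint a new one carrying the changed claim."""
    claims = verify_jwt(old_token, now=now)
    claims["sub"] = {**claims["sub"], **updates}
    claims["iat"] = int(now)
    claims["exp"] = int(now) + ttl
    return sign_jwt(claims)


def client_side_edit(token: str, updates: dict) -> str:
    """A payload edited without the key keeps the old signature, so verify_jwt rejects it."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(_b64url_decode(payload_b64))
    claims["sub"] = {**claims["sub"], **updates}
    return f"{header_b64}.{_json_b64(claims)}.{sig_b64}"


if __name__ == "__main__":
    t0 = time.time()
    tok = issue_login_token("alice", t0)
    new = reissue_with_updated_claims(tok, {"someParam": True}, t0)
    print(verify_jwt(new, now=t0)["sub"])       # {'id': 'alice', 'someParam': True}
    print(is_valid(tok, t0), is_valid(client_side_edit(tok, {"someParam": True}), t0))  # True False
```

The re-issued token has to reach the client somehow (a response header or body the client stores in place of the old one), and every copy of the old token stays valid until `exp`, which is the delivery and revocation problem the answer below refers to.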

CodePudding user response:

It seems like you're trying to use the JWT as a session storage mechanism, which is not a good practice. If you need to check the validity of the JWT in the database on every request why not just use sessions and keep the relevant data server side?

Also, how do you plan to deliver such an updated token to the user? I think that it will be much easier for you to keep the data in the backend and just use sessions.
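As an added illustration of the server-side alternative the answer recommends (example code, not from the answerer), here is a minimal session store: the client only holds an opaque, random session id, and `someParam` lives on the server, so changing it takes effect on the very next request with nothing to re-deliver, and logging out or revoking the session makes it invalid immediately. The class and its method names are hypothetical; a real deployment would back the dictionary with Redis or a database.

```python
import secrets
from typing import Any, Dict, Optional


class SessionStore:
    """In-memory session store keyed by an opaque id; all user data stays server-side."""

    def __init__(self, ttl: int = 900) -> None:
        self._ttl = ttl
        self._sessions: Dict[str, Dict[str, Any]] = {}

    def create(self, user_id: str, now: float) -> str:
        # 32 random bytes -> URL-safe id that is unguessable and carries no information itself.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user_id": user_id, "someParam": False, "expires": now + self._ttl}
        return sid

    def get(self, sid: str, now: float) -> Optional[Dict[str, Any]]:
        """Return the session data, or None if the id is unknown or the session has expired."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        if session["expires"] <= now:
            self._sessions.pop(sid, None)  # lazy expiry on access
            return None
        return session

    def update(self, sid: str, now: float, **changes: Any) -> bool:
        """Change session data in place; the next request sees it without any token re-issue."""
        session = self.get(sid, now)
        if session is None:
            return False
        session.update(changes)
        return True

    def revoke(self, sid: str) -> None:
        """Logout or suspected compromise: the id is useless from this call onwards."""
        self._sessions.pop(sid, None)


if __name__ == "__main__":
    import time
    store = SessionStore()
    sid = store.create("alice", time.time())
    store.update(sid, time.time(), someParam=True)
    print(store.get(sid, time.time()))  # {'user_id': 'alice', 'someParam': True, 'expires': ...}
```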
