This is slightly tricky. This is no longer authentication but rather authorization.
I'd argue it's a good idea to put any authorization details into a JWT, especially in cases where you have a dedicated identity service which provides identity to different services and each service could interpret a role differently. Have done it - burned-out.
Anyway, that's a good introduction!
Thank you very much! :)