DEV Community

Kiran Lakhotia
Kiran Lakhotia

Posted on

Why we should (or shouldn't) separate login details from profile details (Spring Security)

Do people usually separate out login details (such as username/password/account lock status etc) into a separate entity (db table), or do they just have a single user entity which also includes things like name, avatar etc.?

I have always gone with a separation between account (aka login) details and profile (i.e. personal) details. However, more recently I'm struggling to see the benefit of doing so. The only use-case I can think of is if a user can have multiple logins and we'd want to map each of those to a single profile. However, our use case doesn't cover that.

Thoughts :)

Top comments (1)

Collapse
 
kiranlak profile image
Kiran Lakhotia

I should add that we're not using an external login/authentication service, which might be another good reason to maintain two separate entities.