DEV Community

loading...

Discussion on: Using JWTs for Authentication in RESTful Applications

Collapse
orkon profile image
Alex Rudenko

I think that would work for the session/client-auth use case. I mostly use JWTs in a distributed system where a token is an authorization to access a specific service (also backend-to-backend). For this use case, I always need the user ID in the token. Constantly changing identifier would be problematic to use because the service does not have access to the session or user data usually.