
re: Using JWTs for Authentication in RESTful Applications

re: Excellent point, Alex! I'll update my lecture and code on this as it clearly would be a potential leak. What do you think about using a constantly ...
 

I think that would work for the session/client-auth use case. I mostly use JWTs in a distributed system where a token is an authorization to access a specific service (also backend-to-backend). For this use case, I always need the user ID in the token. A constantly changing identifier would be problematic to use because the service usually does not have access to the session or user data.
