JSON Web Token
lexstile, 2022-01-04 23:17:26

If the token is valid, is it necessary to check for existence in the user's database?

Do I need to check for the existence of a user in the database when checking a JWT token?
Or does a valid token itself serve as proof of the user's existence?

For example, in the payload I store the user id.
Do I need to check for the existence of a user with the specified id in the database?

As I understand it, this is an extra case?
I only came up with the case when they stole SECRET_KEY and created their own JWT with a non-existent id, but why?


1 answer(s)
Sergey, 2022-01-04
@KingstonKMS

Naturally
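
An added example, not part of the original answer: a token with a valid signature and unexpired `exp` still verifies after its user has been deleted or disabled, so the database lookup is what rejects it. The `user_id` claim name, the in-memory `USERS` table and the key value are constructed assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET_KEY = b"constructed-demo-secret"             # constructed value, not a real key
USERS = {1: {"active": True}, 2: {"active": True}}  # constructed stand-in for the users table

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user_id: int, ttl: int = 3600) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"user_id": user_id, "exp": int(time.time()) + ttl}).encode())
    return f"{header}.{payload}.{_b64(_sign(f'{header}.{payload}'))}"

def verify_token(token: str) -> dict:
    """Checks signature and expiry only: proves the server issued the token."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        if not hmac.compare_digest(_sign(f"{header}.{payload}"), _unb64(sig)):
            raise ValueError("bad signature")
        claims = json.loads(_unb64(payload))
        expired = claims["exp"] < time.time()
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        raise PermissionError(f"invalid token: {exc}") from exc
    if expired:
        raise PermissionError("token expired")
    return claims

def authenticate(token: str) -> int:
    """Token check plus the lookup: the account must still exist and be active now."""
    claims = verify_token(token)
    user = USERS.get(claims.get("user_id"))
    if user is None or not user["active"]:
        raise PermissionError("user no longer exists or is disabled")
    return claims["user_id"]
```

The lookup also covers accounts that were banned or deactivated while their tokens were still within their lifetime.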
