JSON Web Token
razer96, 2019-05-22 21:14:02

Is it necessary to check the user id encoded in JWT?

I have a simple and possibly stupid question. What do I do? In theory, the authentication service encrypts the user id in payloads when generating a token. And then I have a question, how can I check this ID when verifying a token on other microservices? Since other microservices do not have any information about the user? And is it important in general to check that the token is issued to an existing user? How can I get around this problem? Is it worth checking the user at all, or is it enough to check the token itself with a public key and just check the IP of the request and the IP to which the token was issued?

1 answer(s)
Ivan Shumov, 2019-05-22
@razer96

There is no secret information in the token. If you have validated the token, then you must trust all the information that was provided.
