Is it necessary to check the user id encoded in JWT?
I have a simple and possibly stupid question. What do I do? In theory, the authentication service encrypts the user id in payloads when generating a token. And then I have a question, how can I check this ID when verifying a token on other microservices? Since other microservices do not have any information about the user? And is it important in general to check that the token is issued to an existing user? How can I get around this problem? Is it worth checking the user at all, or is it enough to check the token itself with a public key and just check the IP of the request and the IP to which the token was issued?
There is no secret information in the token. If you have validated the token, then you must trust all the information that was provided.
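The flow this answer describes, as an added example that is not part of the original answer: an auth service signs the token with its private key, and a downstream service that holds only the public key and no user data verifies it and then uses the user id from the payload. RS256, the function names `issueToken`, `verifyToken` and `demo`, and the key and claim values are assumptions constructed for the illustration.

```javascript
// Added example: constructed keys and claims, Node.js built-in crypto only.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const decodeJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString());

// Auth service: holds the private key and signs "<header>.<payload>".
function issueToken(privateKey, claims) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64url(sig)}`;
}

// Downstream service: holds only the public key, has no user database.
function verifyToken(publicKey, token, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  // Pin the algorithm; the token must not choose how it gets verified.
  if (decodeJson(head).alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('sha256', Buffer.from(`${head}.${body}`), publicKey,
    Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = decodeJson(body);
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims; // signature and expiry hold, so claims.sub is the authenticated user id
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const now = 1700000000; // constructed clock value, so the run is deterministic
  const token = issueToken(privateKey, { sub: 'user-42', exp: now + 300 });
  // The payload is only base64url-encoded: readable by anyone, no key needed.
  const readable = decodeJson(token.split('.')[1]).sub;
  // Swapping the user id while keeping the old signature must be rejected.
  const [h, , s] = token.split('.');
  const altered = `${h}.${b64url(JSON.stringify({ sub: 'user-1', exp: now + 300 }))}.${s}`;
  const errorOf = (tok, at) => {
    try { verifyToken(publicKey, tok, at); return null; } catch (e) { return e.message; }
  };
  return {
    sub: verifyToken(publicKey, token, now).sub,
    readable,
    alteredError: errorOf(altered, now),
    expiredError: errorOf(token, now + 301),
  };
}
```

A short `exp` bounds how long a token for a since-deleted user keeps working, because the downstream service never consults the user store.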