Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
L
L
loljapanes2021-11-11 21:58:35
JSON Web Token
loljapanes, 2021-11-11 21:58:35

Is it ok to store roles in jwt token?

Can you please tell me if it is normal and generally possible to store roles in a jwt token? For example, this is how payload looks like

{
  "id": "1",
  "role": "admin"
}

After all, it's easier to use roles and not make unnecessary requests to the database. Also from a security point of view is this ok?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
L
low molecular macro, 2021-11-11
@loljapanes

JWT does not guarantee security for sensitive data as it does not hide or encrypt payload content by default. Essentially, tokens are used for authorization.
Therefore, storing the role in the payload of the token is the norm. And the password, pin from the card or home address is not the norm.

Similar questions
S
Seva2017-08-03 13:59:25
DOMDocument and insertbefore? 2Reply
T
takoyklasnii2019-10-17 14:02:01
How to make middleware jwt? 1Reply
R
romaro2021-04-28 13:01:14
Are there errors in my magic link authentication scheme? 0Reply
I
IDONTSUDO2019-11-21 11:59:16
JWT how to kill sessions? 1Reply
H
heducose2017-07-23 00:42:22
When to provide an id_token and when an access_token? How to use them correctly? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question