Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
L
L
loljapanes2021-11-11 21:58:35
JSON Web Token
loljapanes, 2021-11-11 21:58:35

Is it ok to store roles in jwt token?

Can you please tell me if it is normal and generally possible to store roles in a jwt token? For example, this is how payload looks like

{
  "id": "1",
  "role": "admin"
}

After all, it's easier to use roles and not make unnecessary requests to the database. Also from a security point of view is this ok?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
L
low molecular macro, 2021-11-11
@loljapanes

JWT does not guarantee security for sensitive data as it does not hide or encrypt payload content by default. Essentially, tokens are used for authorization.
Therefore, storing the role in the payload of the token is the norm. And the password, pin from the card or home address is not the norm.

Similar questions
S
Sergey2019-08-30 11:31:05
What is the cause of the npm error? 1Reply
E
Eugenue Cesarevich2021-03-26 23:45:58
How to clear localStorage after closing all tabs with a site? 3Reply
D
Dmitry Kolyada2019-10-03 17:17:43
How to get rid of thread conflict when the authorization key is outdated? 1Reply
M
Michail2017-06-02 00:13:26
How to refresh jwt token without user? 1Reply
M
Maxim Tarabrin2017-07-11 14:58:25
How to pull out the expiration time from a JWT token? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question