I am developing a 'write comment' feature using Angular 5 and JWT.

When a user writes a comment, it sends the comment content to the server along with the JWT token.

In this case, should the server handle the author information in the JWT token?

Or should I pass the username together?

I would like to know if there is any universal development method or reference.

fly high
  • You should send the username in the JWT, and then the server can decode it in order to get the username. Remember to also verify the token for security reasons. – John Aug 20 '18 at 08:49
  • Never pass user information directly - this is not secure. If you're passing a JWT token you are probably storing all user information you need in the token for the server to handle the client authentication. – T A Aug 20 '18 at 08:50
  • Copy & paste your token here, and see what it contains: https://jwt.io/ –  Aug 20 '18 at 09:01

1 Answer

I want to ask: are you considering author information to be sensitive information, like a password? If not, please refer to the answer below:

If your JWT token already contains the author information, then there is no need to send the username, as the JWT that is sent already contains it, and you can verify it and get it from the JWT payload. In case it does not contain the author information, I advise you to add it to the JWT payload, as the username needs to be sent every time the user adds a comment, so there is no point in sending it separately. Also, it is always advised to use an HTTPS connection when using JWT.

Also, always verify the JWT on the server side with the help of the server secret for its authenticity. You can, for example, use a Spring filter which will intercept all authenticated requests and check the authenticity of the JWT token.

Also, I request you to please refer to the following links:

https://jwt.io/introduction/

https://stormpath.com/blog/jwt-the-right-way

aditya gupta
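The approach discussed in this thread, as an added example that is not part of the original question or answer: the server verifies the token and takes the comment author from its claims, ignoring any username in the request body. It assumes an HS256 token signed with a shared server secret and the username carried in the `sub` claim; `signToken`, `verifyToken` and `createComment` are hypothetical names, and a production service would normally use a maintained JWT library.

```javascript
// Added example, not from the thread: HS256 verification using only Node's crypto module.
const nodeCrypto = require('crypto');

const b64url = (x) => Buffer.from(x).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
const mac = (data, secret) =>
  b64url(nodeCrypto.createHmac('sha256', secret).update(data).digest());

// Builds a constructed sample token; in practice the login endpoint issues it.
function signToken(payload, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const signed = `${header}.${b64url(JSON.stringify(payload))}`;
  return `${signed}.${mac(signed, secret)}`;
}

// Returns the claims only if algorithm, signature and expiry all check out.
function verifyToken(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  let header;
  try { header = decode(head); } catch { throw new Error('malformed token'); }
  // Pin the algorithm on the server; never let the token pick it (rejects "none").
  if (!header || header.alg !== 'HS256') throw new Error('unexpected algorithm');
  const expected = Buffer.from(mac(`${head}.${body}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = decode(body); // parsed only after the signature is verified
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= nowSec) {
    throw new Error('token expired');
  }
  return claims;
}

// Hypothetical comment handler: the author is taken from the verified token,
// and a username supplied in the request body is ignored.
function createComment(req, secret, nowSec) {
  const m = /^Bearer (\S+)$/.exec(req.headers.authorization || '');
  if (!m) throw new Error('missing bearer token');
  const claims = verifyToken(m[1], secret, nowSec);
  if (typeof claims.sub !== 'string' || claims.sub === '') throw new Error('no subject claim');
  return { author: claims.sub, content: String(req.body.content) };
}
```

In a Spring or Express application the same check belongs in a filter or middleware that runs before the comment handler, so the handler only ever sees the verified claims.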