Clarifications on JWT Authentication and User Data
I am implementing JWT Authentication for the first time on a Vue SPA (django rest framework on backend), and I am really struggling to come up with a good flow for managing my user data.
My question is simply this: Should I make an API route to retrieve the authenticated user from the access token, or should I put user data needed by my frontend within the payload of the JWT and save it on local storage?
If I choose to put all user data needed by the frontend into the payload of the JWT, how am I supposed to maintain a strong user experience with user data that constantly changes? Aren't I at the mercy of my refresh token requesting an access token? Because only then will my frontend decode a new payload with the new user data that can be displayed on the pages.
On the flip side, if I make an API route that retrieves the currently authenticated user, I am ignoring the scalability benefit behind JWTs, and will need to make a db hit frequently.
Thanks.
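The two flows the question weighs side by side, as an added example that is not part of the original post or of any Django REST framework or Vue code: a minimal HS256 JWT issuer and verifier built only on the Python standard library, a frontend-style unverified payload read (what a SPA does with a token from local storage), and a `current_user` lookup that verifies the token and then loads the mutable profile from a store. The signing key, the in-memory `USERS` store, the claim names and the `demo` function are all constructed for this example. It shows the staleness the question describes: a display name placed in the payload stays frozen until the token is reissued, while the store-backed route returns the updated value.

```python
"""Added example (not from the question): standard-library HS256 JWT helpers
to compare "user data in the payload" against "identity in the payload,
profile from the API". Secret, store and claim names are constructed."""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"example-signing-key-not-for-production"  # constructed placeholder


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(claims: dict, secret: bytes, ttl: int = 300, now=None) -> str:
    """Sign the given claims plus iat/exp as an HS256 JWT."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, iat=now, exp=now + ttl)
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact(header)}.{compact(payload)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_token(token: str, secret: bytes, now=None) -> dict:
    """Check structure, pinned algorithm, signature (constant time) and expiry."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the token never chooses the algorithm
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    now = int(time.time()) if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims


def read_payload_unverified(token: str) -> dict:
    """What a SPA does when it decodes a stored JWT for display: no signature
    check, so the result is fit for rendering only, never for authorization."""
    return json.loads(_b64url_decode(token.split(".")[1]))


# Constructed in-memory "database" standing in for the backend user table.
USERS = {"42": {"display_name": "Ada", "plan": "free"}}


def current_user(token: str, secret: bytes, now=None) -> dict:
    """The '/me'-style route: trust only the verified identity claim, then load
    the current profile so recent changes are visible immediately."""
    claims = verify_token(token, secret, now)
    user = USERS.get(claims["sub"])
    if user is None:
        raise LookupError("user no longer exists")
    return {"id": claims["sub"], **user}


def demo():
    """Return (name read from the stale payload, name from the store route)."""
    USERS["42"]["display_name"] = "Ada"
    fixed_now = 1_700_000_000
    token = issue_token({"sub": "42", "display_name": "Ada"}, SECRET, now=fixed_now)
    USERS["42"]["display_name"] = "Ada L."  # profile edited after the token was issued
    stale = read_payload_unverified(token)["display_name"]
    fresh = current_user(token, SECRET, now=fixed_now + 10)["display_name"]
    return stale, fresh


if __name__ == "__main__":
    print(demo())  # payload still says "Ada"; the store route says "Ada L."
```

Until the refresh token obtains a new access token, the payload copy keeps whatever was true at issue time; the store-backed route pays one lookup per call in exchange for fresh data and for refusing tokens whose user has since been removed, which the payload-only flow cannot do before expiry.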
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow