I'm building an android app and planning to use Json Web Tokens (JWT) for authentication.
Once my server returns a response with the generated token, does it make sense to decode the token on the client side to read the payload or should I use the token strictly as an authentication mechanism and make a second request to get the user's info?
Thanks
As with most things, it depends. If you control the authorization server (i.e. it's your API you are calling), I don't really see any issues with reading the contents of the token at the client side.
If you are calling a 3rd party API and authenticating against a server you do not control, I would not take a dependency on the contents of the JWT token. The 3rd party may decide to change the claims in the token or even start encrypting the token.
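An added example (not part of the answer above, and written in Python rather than Android Java so the token handling is easy to read) showing the client-side decode the answer describes: the payload segment is base64url JSON that any client can read without a key, so the app can use a claim for display, but it should degrade gracefully when the claim is missing or the token turns out to be encrypted (a five-segment JWE), falling back to a user-info request. The sample token, the `name` claim and the `fetch_profile` callback are constructed for this demo.

```python
import base64
import json
from typing import Callable, Optional


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # Compact JWT segments omit '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_sample_jws(claims: dict) -> str:
    """Constructed demo token: real header and payload, placeholder signature
    (no key was used, so nothing here is verifiable; that is the point of the
    demo, the client reads claims without being able to verify them)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"


def read_claims(token: str) -> Optional[dict]:
    """Decode the payload WITHOUT verifying the signature (the client has no key).
    Returns None for a JWE (five segments): an encrypted token exposes no
    readable claims, which is the failure mode a third-party issuer can cause."""
    parts = token.split(".")
    if len(parts) == 5:
        return None
    if len(parts) != 3:
        raise ValueError("not a JWT compact serialization")
    return json.loads(_b64url_decode(parts[1]))


def display_name(token: str, fetch_profile: Callable[[], dict]) -> str:
    """Prefer the 'name' claim when it is readable; otherwise fall back to the
    user-info endpoint (fetch_profile stands in for that HTTP call)."""
    claims = read_claims(token)
    if claims and isinstance(claims.get("name"), str):
        return claims["name"]
    return fetch_profile()["name"]


if __name__ == "__main__":
    token = make_sample_jws({"sub": "42", "name": "Alice"})
    print(read_claims(token))
    print(display_name(token, lambda: {"name": "from-server"}))
```

The decode is for display only: because the client cannot check the signature, nothing in `read_claims` should drive an authorization decision, and the server still validates the token on every request.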