✅ Extra query for user or attach it to the context?
Hello!
A Web API uses a JWT for authentication. Is it better to query the user based on the claim extracted from the token or just attach it to the database context, assuming the user already exists? That would save an extra query and if the user did not exist EF would throw an exception. Is this suitable, or is it better to query the user?
4 Replies
the point of JWTs is to avoid hitting your database to get user information because it's contained in the token itself
you shouldn't issue JWTs that contain invalid information
Got it, thanks!
in the most ideal case, you can operate based on the information of the JWT. The JWT will tell you what the user is allowed to do, you don't have to check the database
but it's not always as easy
Use the /close command to mark a forum thread as answered