by njknsdf 3661 days ago
You can store the user info in the JWT so you don't need to hit the database to get user info every time. I usually just store an id in each issued token and store/remove it from redis or memory as needed for invalidating it.
1 comments

You have to be careful that you are not leaking sensitive info though, as the JWT payload is meant to be visible on the client as well.