-1

I am using ASP.NET Identity Core and made some claims in "AspNetUserClaims". Now I am wondering if I should add all these claims to the JwtSecurityToken when a user logs in?

Or should I be grabbing them another way?

chobo2

1 Answer

0

Usually we store identifier claims like userid/username and role info like guest/admin in JWT tokens. You can click here for more details about claims in JWT tokens.

You can add the user's claims which are small and important to your client to the JWT token. If doing that, be careful with the size, and better not to include sensitive information.

But I would recommend not keeping the user profile info in claims. You can use the token to make an API call to the server to get the user's profile information by looking it up in the database.

Nan Yu
  • Yeah, I understand storing their role in the JWT token, but what about individual claims of that role like "can_read" or something like that? Or is it better to just query that stuff later? – chobo2 Dec 13 '18 at 17:32
  • @chobo2 This is role info, you can add that in the JWT token. – Nan Yu Dec 14 '18 at 01:25
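The approach discussed in the answer and comments above, as an added example that is not part of the original posts: only roles and an allow-listed subset of the rows in AspNetUserClaims are copied into the JwtSecurityToken, and the token size is checked. The class name `TokenIssuer`, the `permission` claim type, the size budget, and the issuer and audience values are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper: names, claim types, issuer and audience are assumptions.
public class TokenIssuer
{
    // Allow-list: only these claim types from AspNetUserClaims are put in the token.
    private static readonly HashSet<string> AllowedClaimTypes = new HashSet<string> { "permission" };
    private const int MaxTokenChars = 4096; // assumed budget so the token fits in a request header
    private readonly UserManager<IdentityUser> _users;
    private readonly SigningCredentials _credentials;

    public TokenIssuer(UserManager<IdentityUser> users, SigningCredentials credentials)
        => (_users, _credentials) = (users, credentials);

    public async Task<string> CreateTokenAsync(IdentityUser user)
    {
        var claims = new List<Claim> { new Claim(JwtRegisteredClaimNames.Sub, user.Id) };
        // Role info (guest/admin), as the answer suggests.
        claims.AddRange((await _users.GetRolesAsync(user))
            .Select(role => new Claim(ClaimTypes.Role, role)));
        // Stored user claims, filtered: profile data and sensitive values stay in the database.
        claims.AddRange((await _users.GetClaimsAsync(user))
            .Where(c => AllowedClaimTypes.Contains(c.Type)));

        var token = new JwtSecurityToken(
            issuer: "https://issuer.example",
            audience: "https://api.example",
            claims: claims,
            expires: DateTime.UtcNow.AddMinutes(15),
            signingCredentials: _credentials);
        var jwt = new JwtSecurityTokenHandler().WriteToken(token);
        if (jwt.Length > MaxTokenChars)
            throw new InvalidOperationException("Token too large; look these claims up server-side.");
        return jwt;
    }
}
```

Claims copied into the token stay in effect until it expires, even if the row in AspNetUserClaims is removed, which is why the lifetime here is short. JWT payloads are signed but not encrypted, so anything placed in a claim is readable by the client.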