How are you?
Me..? Well, I'm having some trouble, haha!
I'm using a microservices API architecture on a project where the APIs and the GatewayAPI are developed with Python's Pyramid framework, and the main frontend is built with React.
Simple workflow illustration: https://i.sstatic.net/box3c.jpg
The problem is: where do I safely store the authenticated "session data", like username, user_id, first_name? After logging in, I don't want to make new requests to the users API just to get this information, which will be used constantly.
I know I can store this encoded data in the JWT token and store the token in the cookies or in localStorage, but is this the right place? And is this the right process?
If this is the right place, do I need to send the decoded data to the frontend every time, as part of the GatewayAPI response?
Thank you for reading, and I hope you guys can save me!
You can store the JWT in a cookie or in localStorage; it does not matter. I personally do so in localStorage.
Regarding your question about decoding the data, this is handled by the backend. All you need to do is include the JWT in every API call, and the API will know which user is calling without the need to send the data back and forth.
I would also recommend you create tokens with an expiration date for added security.
For examples, you can take a look at pyramid_jwt.
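The flow the answer describes, as an added example that is not part of the original post and is not pyramid_jwt's code: the login endpoint mints a signed JWT whose claims carry the session data (user_id, username, first_name) plus an expiry, and the gateway verifies that token on every request instead of calling the users API. It is written against the Python standard library (HS256 via hmac) so it runs without Pyramid; the shared SECRET, the claim names, the `auth_token` cookie name and the sample user are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumption for this example: one HS256 secret shared by the services that mint
# and verify tokens. Load it from configuration in a real deployment.
SECRET = b"example-secret-replace-me"


class TokenError(Exception):
    """Raised when a token is missing, malformed, forged or expired."""


def b64url_encode(data: bytes) -> str:
    # JWT segments use unpadded base64url
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user: dict, ttl_seconds: int = 3600, now: Optional[int] = None) -> str:
    """Mint a signed JWT carrying the session data the frontend keeps needing,
    with an expiry so a leaked token does not work forever."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "sub": str(user["user_id"]),
        "username": user["username"],
        "first_name": user["first_name"],
        "iat": now,
        "exp": now + ttl_seconds,
    }
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    signature = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(signature)}"


def verify_token(token: str, now: Optional[int] = None) -> dict:
    """Check signature and expiry; only then trust the claims inside."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        raise TokenError("malformed token")
    # Pin the algorithm server-side: the token must not choose how it is verified.
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(SECRET, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("bad signature")
    try:
        claims = json.loads(b64url_decode(claims_b64))
    except ValueError:
        raise TokenError("malformed token")
    if now >= int(claims.get("exp", 0)):
        raise TokenError("expired")
    return claims


def current_user(headers: dict, cookies: dict, now: Optional[int] = None) -> dict:
    """What the gateway does on every call: take the JWT from the Authorization
    header (clients keeping it in localStorage) or from a cookie, verify it, and
    return the user data without a round trip to the users API."""
    auth = headers.get("Authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else cookies.get("auth_token")
    if not token:
        raise TokenError("no token")
    return verify_token(token, now=now)


def token_status(token: str, now: Optional[int] = None) -> str:
    """'ok' if the token verifies, otherwise the rejection reason."""
    try:
        verify_token(token, now=now)
        return "ok"
    except TokenError as err:
        return str(err)


if __name__ == "__main__":
    user = {"user_id": 42, "username": "alice", "first_name": "Alice"}  # constructed sample user
    tok = issue_token(user, ttl_seconds=60)
    print(current_user({"Authorization": f"Bearer {tok}"}, {}))
    print(token_status(tok, now=int(time.time()) + 120))  # the same token after it has expired
```

The frontend never needs the decoded claims sent back separately: the payload segment of the token is plain base64url JSON, so the React app can read username and first_name from it for display, while the signature check in `verify_token` is what the gateway relies on before acting on them. A token with a changed payload fails the signature check, a token past its `exp` is refused, and the algorithm is fixed by the verifier rather than read from the token.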