angular, jwt, methodology, userinfo

How to send user information when using a JWT token?


I am developing a 'write comment' feature using Angular 5 and JWT.

When a user writes a comment, it sends the comment content to the server along with the JWT token.

In this case, should the server handle the author information in a JWT token?

Or should I pass the username together?

I would like to know if there is any universal development method or reference.


Solution

  • I want to ask: are you considering author information to be sensitive information, like a password? If not, please refer to the answer below:

    If your JWT token already contains the author information, then there is no need to send the username, as the JWT that is sent already contains it and you can verify and get it from the JWT payload. In case the JWT does not contain the author information, I advise you to add it to the JWT payload: as the username needs to be sent every time a user adds a comment, there is no point in sending it separately. Also, it is always advised to use an HTTPS connection when using JWT.

    Also, always verify the JWT on the server side with the help of the server secret to check its authenticity. You can, for example, use a Spring filter which will intercept all authenticated requests and check the authenticity of the JWT token.

    Also, I request you to please refer to the following links:

    https://jwt.io/introduction/

    https://stormpath.com/blog/jwt-the-right-way