英文:
Id token and access token and user info
问题
我使用Angular作为前端,使用Spring Boot作为后端。
后端需要知道经过身份验证的用户。
似乎有一个ID令牌和访问令牌。用户角色访问将由Spring Boot应用程序管理。
我需要用户ID、用户电子邮件等信息来搜索数据库以获取角色。
我看到后端不应该使用ID令牌,但我认为只有ID令牌提供了用户信息?
编辑
例如,在在线会计应用程序中,当用户获取帐单xyz时,我需要确保这张帐单的所有者...以避免返回另一客户的帐单。这样知道连接的用户就非常重要。
英文:
I use angular for the front end and spring boot for the backend
Backend need to know the authenticated user.
It seem to have an id token and access token. User role access would be managed by spring boot app.
I need to user id, user email... to search db to get role.
I read backend end should not use id token, but i think it's only the id token who provided user info?
Edit
example in a online accounting application, when user get bill xyz, i need to be sure is the owner of this bill... to want to return bill of another client. that way it's important to know the user connected
答案1
得分: 1
你可以在前端使用msal。
然后使用令牌调用后端。
令牌包含用户电子邮件地址。你可以在后端从令牌中读取电子邮件地址。
英文:
You can use msal in the frontend.
Then make the call to the backend with the token.
The token contains the user email address. You can read the email address from the token in the backend.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论