
Using JSON Web Token in the Controller

Hi all,
I am building a quiz application using Java Spring and Angular.

On some of my server endpoints, I need to return the data according to which user has sent the request.

For example,

I have a GET request that retrieves a quiz object by id, and I need to add some additional information to that object for the specific user that requested it (information like the user's answer).

I am thinking of three ways to do this:
1. To send the user id from the client.
2. To extract the user id from the token (I am not sure how exactly this can be done).
3. To retrieve the additional information in a separate request.


What do you think is the most elegant way to perform this?


Thanks in advance.

You should just have one request that the client needs to make. If the data comes from different places then you should make another endpoint that aggregates the data.

How are you keeping track what user is logged in, and where and how do you store what answer a user has given to a particular question?

Al Hobbs wrote: You should just have one request that the client needs to make. If the data comes from different places then you should make another endpoint that aggregates the data.



I am using JWT for authenticating users. I tried to take the user id from the token that exists on the request header, and return the data according to the user.

A user requests a quiz and gets the quiz resource back along with his answer for that quiz.

But I am wondering if this is a good practice, or should I split the request into two requests: first get the quiz, then get the answer by user.


Do you think splitting the request is a better approach?


Stephan van Hulst wrote: How are you keeping track what user is logged in, and where and how do you store what answer a user has given to a particular question?



I am keeping track of the login using a JSON Web Token. I have an authentication filter in the server that makes sure the token is valid before the request reaches the Controller.

And regarding storing the data,

I have a "user_answer" table that stores: quiz_id, user_id and quiz_answer_id.


In my current implementation I have an endpoint that adds an answer to the table and another endpoint that retrieves a quiz.
Both of them take the user id from the token.


But I am wondering if this is a good practice, or should I split the request into two requests (at least the one that retrieves a quiz): first get the quiz, then get the answer by user.

JSON web token serves two purposes: to authenticate the user, and to store user-session-related information. So, yes, user-id, their last question, are all fair bets for adding to the JWT.
About splitting of APIs, ideally, you should not mix adding data (POST) with getting data (GET). So, you should keep them separate.
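
Option 2 from the question (taking the user id from the token in the controller), as an added example that is not code from this thread or from any of its posters. It assumes Spring Boot 3, Spring Security and jjwt 0.11.x, an HMAC-signed token whose `sub` claim holds the user id, and a security configuration that registers the filter and requires authentication for the endpoint; `JwtAuthFilter`, `QuizService`, `QuizView` and the `/quizzes/{quizId}` route are hypothetical names.

```java
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.Key;
import java.util.List;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.filter.OncePerRequestFilter;

// Assumptions (not from the thread): Spring Boot 3, Spring Security, jjwt 0.11.x.
class JwtAuthFilter extends OncePerRequestFilter {
    private final Key key; // HMAC verification key from server configuration
    JwtAuthFilter(Key key) { this.key = key; }
    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
            FilterChain chain) throws ServletException, IOException {
        String header = req.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")) {
            try { // parseClaimsJws throws on a bad signature, an expired or an unsigned token
                String userId = Jwts.parserBuilder().setSigningKey(key).build()
                        .parseClaimsJws(header.substring(7)).getBody().getSubject();
                if (userId != null) // publish the verified id for the rest of the request
                    SecurityContextHolder.getContext().setAuthentication(
                            new UsernamePasswordAuthenticationToken(userId, null, List.of()));
            } catch (JwtException | IllegalArgumentException e) {
                SecurityContextHolder.clearContext(); // request stays unauthenticated
            }
        }
        chain.doFilter(req, res);
    }
}
// Hypothetical service that joins the quiz with the caller's row in user_answer.
interface QuizService { QuizView quizWithAnswerOf(long quizId, String userId); }
record QuizView(long quizId, String title, Long quizAnswerId) {}

@RestController
class QuizController {
    private final QuizService quizzes;
    QuizController(QuizService quizzes) { this.quizzes = quizzes; }
    // The user id is never a path, query or body parameter: it comes from the verified token.
    @GetMapping("/quizzes/{quizId}")
    QuizView getQuiz(@PathVariable("quizId") long quizId, Authentication auth) {
        return quizzes.quizWithAnswerOf(quizId, auth.getName());
    }
}
```

Because the id is read from the token the server has already verified, the response is always scoped to the authenticated caller, which a client-supplied user id (option 1) cannot guarantee.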
