drobadey / test-project


`ClientBase` (v1.0b8) UserId shouldn't be supplied to create. UserID should come from JWT or it's not secure. #3

Open Grant-ICF opened 3 months ago

Grant-ICF commented 3 months ago

Question about the UserID: I removed the endpoint to create a new UserID. For the other schemas (i.e., ClientBase), should I remove the UserId or still include it? Any ideas on how UserID should be used in the API would be helpful. @drobadey

drobadey commented 3 months ago

I have mixed thoughts. On one side, I think that field should always be populated by the UserID tied to the API. At the same time, I can see that field being populated manually for reporting purposes.

I think it might make the most sense for UserID to be tied to the API user ID (that it always auto-populates rather than being manually entered/edited).

Grant-ICF commented 3 months ago

In the scenario where I am creating a new record, I would still need a DateCreated, DateUpdated and UserID. The DateCreated and DateUpdated should be generated automatically from the system and the UserID should come from the token.
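
The rule described in the last comment, as an added example (not code from this repository): the create path takes `UserID` from the verified token's `sub` claim, stamps `DateCreated`/`DateUpdated` itself, and rejects a request body that tries to supply any of them. The function names, the HS256 demo key and the use of `sub` are assumptions; a real service would use its JWT library and also check `exp` and `aud`.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timezone

SECRET = b"constructed-demo-key"  # constructed key, for this example only
SERVER_FIELDS = {"userid", "datecreated", "dateupdated"}  # never accepted from the client

def b64d(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_token(claims: dict) -> str:
    """Build an HS256 JWT; only here to produce constructed sample input."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def verified_subject(token: str) -> str:
    """Return `sub` only if the header pins HS256 and the signature verifies."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64d(head))
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if header.get("alg") != "HS256" or not hmac.compare_digest(expected, b64d(sig)):
            raise ValueError("bad algorithm or signature")
        return str(json.loads(b64d(body))["sub"])
    except (ValueError, KeyError, TypeError, AttributeError):
        raise PermissionError("invalid token") from None

def create_client(token: str, payload: dict) -> dict:
    """Create a record; caller identity and timestamps are set server-side."""
    user_id = verified_subject(token)
    # Catches both spellings used in the thread (UserId / UserID).
    supplied = sorted(k for k in payload if k.lower() in SERVER_FIELDS)
    if supplied:  # reject instead of silently overwriting, so spoofing shows up as an error
        raise ValueError(f"server-managed fields in request body: {supplied}")
    now = datetime.now(timezone.utc).isoformat()
    return {**payload, "UserID": user_id, "DateCreated": now, "DateUpdated": now}
```

With this shape the create schema can drop `UserId` entirely, while the read schema still returns it for reporting.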