vaadin / flow

Vaadin Flow is a Java framework binding Vaadin web components to Java. This is part of Vaadin 10+.
Apache License 2.0

Vaadin stateless jwtAuth should allow custom claims to be added instead of just subject and roles. #18681

Open ilyasdotdev opened 7 months ago

ilyasdotdev commented 7 months ago

Describe your motivation

One use case for a JWT token is to skip an extra DB call for each request, like getting the user id or some other details. Let's say I am working on a hotel management system, and for the manager role I need the hotel id; then I will prefer to set the hotel id in the token, because it will prevent an extra DB call for each operation.

Describe the solution you'd like

We can modify the JwtSecurityContextRepository##encodeJwt method and add an extra claim just below the roles with key "details", passing Authentication##getDetails. Following this way, a programmer can create his own subclass of org.springframework.security.core.userdetails.UserDetails and return it from the UserDetailsService##loadUserByUsername method. Whichever custom fields the user created in his class will be available in the JWT token.
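The following is an added, self-contained illustration of the proposal above; it is not Vaadin's JwtSecurityContextRepository code and not part of the original issue. It assumes Java 17, Spring Security's UserDetails/User classes and the nimbus-jose-jwt library (the JOSE implementation spring-security-oauth2-jose pulls in) on the classpath. The class name HotelManagerDetails, the method names encode/readDetails and the secret are constructed for the example. Two design choices differ from the issue text: the custom fields are read from the principal (the UserDetails returned by loadUserByUsername) rather than from Authentication#getDetails, and the subclass decides explicitly which fields go into the "details" claim, because a signed JWT payload is only base64url-encoded, not encrypted, so anything placed there is readable by the browser. On the way back, the signature and expiry are checked before the claim is trusted.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.util.Date;
import java.util.List;
import java.util.Map;

public class CustomClaimsJwtExample {

    /** Hypothetical UserDetails subclass carrying a non-secret tenant identifier (the hotel id). */
    public static class HotelManagerDetails extends User {
        private final String hotelId;

        public HotelManagerDetails(String username, String hotelId) {
            // The password hash is never placed in the token; an empty hash is used in this constructed sample.
            super(username, "", List.of(new SimpleGrantedAuthority("ROLE_MANAGER")));
            this.hotelId = hotelId;
        }

        public String getHotelId() { return hotelId; }

        /** Only fields that are safe to expose to the client go into the "details" claim. */
        public Map<String, Object> toClaimDetails() {
            return Map.of("hotelId", hotelId);
        }
    }

    /** Builds an HS256-signed token with "sub", "roles" and, when available, a "details" claim. */
    public static String encode(UserDetails principal, byte[] secret, long ttlSeconds) throws JOSEException {
        List<String> roles = principal.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority).toList();
        JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder()
                .subject(principal.getUsername())
                .claim("roles", roles)
                .issueTime(new Date())
                .expirationTime(new Date(System.currentTimeMillis() + ttlSeconds * 1000));
        if (principal instanceof HotelManagerDetails hm) {
            claims.claim("details", hm.toClaimDetails());
        }
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims.build());
        jwt.sign(new MACSigner(secret));
        return jwt.serialize();
    }

    /** Verifies signature and expiry first; only then is the "details" claim returned. */
    public static Map<String, Object> readDetails(String token, byte[] secret)
            throws ParseException, JOSEException {
        SignedJWT jwt = SignedJWT.parse(token);
        if (!jwt.verify(new MACVerifier(secret))) {
            throw new JOSEException("signature verification failed");
        }
        JWTClaimsSet claims = jwt.getJWTClaimsSet();
        Date exp = claims.getExpirationTime();
        if (exp == null || exp.before(new Date())) {
            throw new JOSEException("token expired or has no exp claim");
        }
        Map<String, Object> details = claims.getJSONObjectClaim("details");
        return details == null ? Map.of() : details;
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo secret; HS256 needs at least 32 bytes. In practice load it from configuration.
        byte[] secret = "constructed-demo-secret-at-least-32-bytes-long!!".getBytes(StandardCharsets.UTF_8);

        UserDetails manager = new HotelManagerDetails("alice", "hotel-42");
        String token = encode(manager, secret, 1800);
        System.out.println("token: " + token);

        Map<String, Object> details = readDetails(token, secret);
        System.out.println("hotelId from token: " + details.get("hotelId")); // hotel-42

        // A token signed with a different key is rejected before any claim is read.
        byte[] otherSecret = "another-constructed-secret-of-32-bytes-or-more!!".getBytes(StandardCharsets.UTF_8);
        try {
            readDetails(token, otherSecret);
        } catch (JOSEException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The hotel id saves the per-request database lookup the issue describes, but it still only identifies a tenant; authorization for that tenant's data must be enforced server side on every request, since the claim is accepted solely on the strength of the signature check.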

mcollovati commented 6 months ago

See https://github.com/vaadin/flow/pull/18769#issuecomment-1959365972 for proposed design