Using JSON Web Token in the Controller

 
Ranch Hand
Posts: 41
Python Angular Framework Java
Hi all,
I am building a quiz application using Java Spring and Angular.

On some of my server endpoints, I need to return the data according to which user has sent the request.

For example,

I have a GET request that retrieves a quiz object by id, and I need to add some additional information on that object for the specific user that requested it (information like the user's answer).

I am thinking of three ways to do this:
1. To send the user id from the client.
2. To extract the user id from the token (I am not sure how exactly this can be done).
3. To retrieve the additional information in a separate request.


What do you think is the most elegant way to perform this?


Thanks in advance.

 
Bartender
Posts: 590
14
TypeScript Fedora
You should just have one request that the client needs to make.  If the data comes from different places then you should make another endpoint that aggregates the data.
 
Saloon Keeper
Posts: 14018
316
How are you keeping track of what user is logged in, and where and how do you store what answer a user has given to a particular question?
 
Redan Hassoun
Ranch Hand
Posts: 41
Python Angular Framework Java

Al Hobbs wrote: You should just have one request that the client needs to make. If the data comes from different places then you should make another endpoint that aggregates the data.



I am using JWT for authenticating users. I tried to take the user id from the token that exists on the request header, and return the data according to the user.

A user requests a quiz and gets the quiz resource back along with his answer for that quiz.

But I am wondering if this is a good practice, or should I split the request into two requests: first get the quiz, then get the answer by user.

Do you think splitting the request is a better approach?

 
Redan Hassoun
Ranch Hand
Posts: 41
Python Angular Framework Java

Stephan van Hulst wrote: How are you keeping track of what user is logged in, and where and how do you store what answer a user has given to a particular question?



I am keeping track of the login using a JSON Web Token. I have an authentication filter in the server that makes sure the token is valid before the request reaches the Controller.

And regarding storing the data:

I have a "user_answer" table that stores quiz_id, user_id and quiz_answer_id.

In my current implementation I have an endpoint that adds an answer to the table and another endpoint that retrieves a quiz.
Both of them take the user id from the token.

But I am wondering if this is a good practice, or should I split the request into two requests (at least the one that retrieves a quiz): first get the quiz, then get the answer by user.

 
Ranch Hand
Posts: 169
1
A JSON web token serves two purposes: to authenticate the user, and to store user-session-related information. So, yes, the user id and their last question are all fair bets for adding to the JWT.
About splitting of APIs: ideally, you should not mix adding data (POST) with getting data (GET). So, you should keep them separate.
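
The following is an added example, not code from any poster in this thread: plain-JDK Java for option 2 from the first post, where the filter verifies the token and the quiz endpoint takes the user id from the verified `sub` claim, so a user id supplied by the client is never consulted. The class and method names, the HS256 key, the `sub` claim name and the sample `user_answer` rows are assumptions constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.MessageDigest;
import java.util.*;
import java.util.regex.*;

public class QuizForCaller {
    // Constructed demo key and user_answer rows ("quiz_id:user_id" -> quiz_answer_id).
    static final byte[] KEY = "constructed-demo-key-0123456789abcdef".getBytes(UTF_8);
    static final Map<String, Integer> USER_ANSWER = Map.of("7:42", 3, "7:99", 1);
    static final Pattern SUB = Pattern.compile("\"sub\"\\s*:\\s*\"([^\"]+)\""); // stands in for a JSON parser
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data.getBytes(UTF_8));
    }
    // Filter step: trust "sub" only after the signature checks out ("exp" validation omitted here).
    static Optional<String> verifiedUserId(String jwt) throws Exception {
        String[] p = jwt.split("\\.");
        if (p.length != 3) return Optional.empty();
        try {
            byte[] sig = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(hmac(p[0] + "." + p[1]), sig)) return Optional.empty();
            Matcher m = SUB.matcher(new String(Base64.getUrlDecoder().decode(p[1]), UTF_8));
            return m.find() ? Optional.of(m.group(1)) : Optional.empty();
        } catch (IllegalArgumentException badBase64) {
            return Optional.empty();
        }
    }
    // Controller step: the user id comes only from the verified token, never from the client.
    static String getQuiz(int quizId, String authorization) throws Exception {
        if (authorization == null || !authorization.startsWith("Bearer ")) return "401";
        Optional<String> user = verifiedUserId(authorization.substring(7));
        if (user.isEmpty()) return "401";
        return "{\"quizId\":" + quizId + ",\"yourAnswerId\":" + USER_ANSWER.get(quizId + ":" + user.get()) + "}";
    }
    static String token(String payloadJson) throws Exception { // mints a signed demo token
        String body = ENC.encodeToString("{\"alg\":\"HS256\"}".getBytes(UTF_8)) + "." + ENC.encodeToString(payloadJson.getBytes(UTF_8));
        return body + "." + ENC.encodeToString(hmac(body));
    }
    public static void main(String[] args) throws Exception {
        String good = token("{\"sub\":\"42\"}");
        System.out.println(getQuiz(7, "Bearer " + good));
        String[] p = good.split("\\."); // payload swapped to another user, old signature kept
        String swapped = p[0] + "." + ENC.encodeToString("{\"sub\":\"99\"}".getBytes(UTF_8)) + "." + p[2];
        System.out.println(getQuiz(7, "Bearer " + swapped)); // signature no longer matches: rejected
    }
}
```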