Best Practice for Authorization

Hi,

I have an application where I need to check if the user is authorized for some actions in my backend. Is it a good practice to store the app_pub_key in my database once the user is logged in and pass the token_id as an authorization header every time the user makes a request to an API endpoint that requires authorization? That way, I won’t need to pass the app_pub_key in the request body every time the user makes a request.

Any comment will be appreciated!

Thanks

@gorkem Your request has been forwarded to our Dev team and we will get back with an update.

@gorkem You can refer to our doc https://web3auth.io/docs/pnp/features/server-side-verification/social-login-users on the best practice.

Hi @vjgee,

Calling the getUserInfo() or authenticateUser() functions returns the idToken to the frontend. Similarly, the getPrivateKey() function can be used to retrieve the private key of the user in order to compute app_pub_key. During these computations, the id_token and private_key values are stored inside a variable in my frontend. Is it secure to do so?
