> On Feb 10, 2016, at 4:05 PM, Jonathan Vanasco <[email protected]> wrote:
>
> On Wednesday, February 10, 2016 at 10:27:33 AM UTC-5, Krishnakant wrote:
> > Can I have the data be a dictionary inside the payload itself? I don't want to use the sub or inside payload.
>
> No. If you look at the source, `payload` is a specifically structured managed dictionary that contains bookkeeping information.
> https://github.com/wichert/pyramid_jwt/blob/master/src/pyramid_jwt/policy.py#L34-L43

IMO that payload shouldn’t contain very much. You’re going to get a token which is going to be stored for some duration. Any information that goes in there (e.g. first and last name) should be something that isn’t going to change, for example, correcting a typo in the last name. Or, you might change your mind about the payload structure and you then have to do something to invalidate all the existing tokens and force a re-login.

When I do JWT in Pyramid and Angular, I would do the authentication request, get the response containing the token, and tie that to a JS “promise” which immediately fetched the profile information separately. OTOH you might have some application design where there aren’t profiles and everything is token-based.

—Paul
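
The pattern discussed in this thread (a token that carries only a stable identifier plus bookkeeping claims, with profile data fetched in a separate request) is sketched below as an added example; it is not code from the thread or from pyramid_jwt. It uses a standard-library HS256 stand-in, and `SECRET`, `PROFILES`, `issue_token`, `verify_token` and `profile_for` are hypothetical names with constructed sample data.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed value, not a real key
PROFILES = {"user-42": {"first": "Jon", "last": "Smtih"}}  # constructed server-side store

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user_id, ttl=3600, now=None):
    """HS256 JWT carrying only a stable identifier plus bookkeeping claims."""
    now = int(time.time() if now is None else now)
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64e(json.dumps({"sub": user_id, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{b64e(sig)}"

def verify_token(token, now=None):
    """Return the claims dict, or None if the token is malformed, forged or expired."""
    now = int(time.time() if now is None else now)
    try:
        header, claims, sig = token.split(".")
        if json.loads(b64d(header)).get("alg") != "HS256":  # pin the algorithm
            return None
        expected = hmac.new(SECRET, f"{header}.{claims}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64d(sig)):
            return None
        data = json.loads(b64d(claims))
    except (ValueError, AttributeError):
        return None
    return data if data.get("exp", 0) > now else None

def profile_for(token, now=None):
    """Second request in the flow: resolve the profile from the store, not the token."""
    claims = verify_token(token, now)
    return PROFILES.get(claims["sub"]) if claims else None
```

Because the last name lives only in `PROFILES`, correcting the typo there is visible to every token already issued, with no invalidation or forced re-login.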
