Is it safe to save user role in JWT token with NextAuth?
Hello,
When using the JWT strategy, NextAuth puts the user role automatically in the token. Is this safe to do? If I google it, it's a bit of a yes-no answer.
If I look at Cal.com, they even put more information in it. I want to use the role only to check if an authenticated user is allowed to visit a specific page. Of course, every time a user does an action, it will be checked if the user is allowed via a middleware.
