User role stored in public.users or raw_user_meta_data?
Hello,
Is it a good practice to add the user's role in raw_user_meta_data of auth.users, knowing that the role will be used in the JWT to check the "student", "admin", "teacher" role before granting access, and given that a malicious user can use Postman to register and pass the "admin" role in raw_user_meta_data or call updateUser() and modify their role?
How can I proceed?
My public.users table has a userrole column of type enum of "student", "admin", "teacher", which is inserted automatically thanks to a trigger on auth.users.
Can someone please help me with that?
Thanks!
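
One way to close the gap the question describes, as an added example that is not part of the original post: the signup trigger ignores any role sent in raw_user_meta_data, and the role that reaches the JWT is copied into raw_app_meta_data, which clients cannot write through signup or updateUser(). The enum type name `public.user_role`, the function and trigger names, the policy name and the `id` column are assumptions.

```sql
-- Added example. Assumed names: public.user_role (enum type), handle_new_user,
-- set_user_role, on_auth_user_created, users_select_own_or_admin, users.id.

-- 1. Signup trigger: never read the role from raw_user_meta_data, which the
--    client controls. Every new account starts with the lowest role.
create or replace function public.handle_new_user()
returns trigger language plpgsql security definer set search_path = ''
as $$
begin
  insert into public.users (id, userrole) values (new.id, 'student');
  return new;
end;
$$;

create trigger on_auth_user_created
  after insert on auth.users
  for each row execute function public.handle_new_user();

-- 2. Clients may read public.users but not write it, so userrole cannot be
--    changed through the REST API with the anon or authenticated key.
alter table public.users enable row level security;
revoke insert, update, delete on public.users from anon, authenticated;

-- 3. Role changes go through one function that only the service role can run.
--    It updates the table and mirrors the value into raw_app_meta_data, which
--    is emitted in the JWT as app_metadata.
create or replace function public.set_user_role(target uuid, new_role public.user_role)
returns void language plpgsql security definer set search_path = ''
as $$
begin
  update public.users set userrole = new_role where id = target;
  update auth.users
     set raw_app_meta_data = coalesce(raw_app_meta_data, '{}'::jsonb)
                             || jsonb_build_object('userrole', new_role::text)
   where id = target;
end;
$$;

revoke execute on function public.set_user_role(uuid, public.user_role)
  from public, anon, authenticated;
grant execute on function public.set_user_role(uuid, public.user_role)
  to service_role;

-- 4. Policies check the app_metadata claim, never user_metadata.
create policy users_select_own_or_admin on public.users
  for select to authenticated
  using (id = auth.uid()
         or (auth.jwt() -> 'app_metadata' ->> 'userrole') = 'admin');
```

A role change made with `set_user_role` shows up in the JWT only after the user's token is refreshed, so checks that must take effect immediately should read `public.users.userrole` instead of the claim.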