User Authentication using JWT (JSON Web Token) in Node.js (Express Framework )
Soni Pandey

I’ve just read 5 of your articles and they’re very good. I’m thankful that you’re writing this. However, I have to ask… Why do you not follow the common Node convention of going error-first? Normally, everyone’s callbacks are like so:

function callback(err, result) {
  if (err) {
    // handle err
    return;
  }
  // non-error code
}

Because this removes one level of nesting from your code and is much cleaner and more readable.

Another question I have, and the main reason I don’t use JWTs, is… in a complex application with multiple user roles, if I’m using server sessions I can store session data such as whether the user’s membership is paid, whether they’re an admin, etc. If I store that in a JWT, then anyone with access to one of my users’ computers can hijack that information. How can you handle such things as storing a shopping cart, whether a user is an admin or not, and stuff like that without storing it in the token’s data?