I am building a quiz application using Java Spring and Angular.
On some of my server endpoints, I need to return the data according to which user has sent the request.
I have a GET request that retrieves a quiz object by id.
and I need to add some additional information on that object for the specific user that requested it (information like: the user's answer).
I am thinking of three ways to do this:
1. To send the user id from the client.
2. To exctract the user id from the token (I am not sure how exactly this can be done)
3. To retrieve the additional information in a separate request.
What do you think the most elegant way to perform this?
JSON web token serves two purposes: to authenticate user, and to store user session related information. So, yes, user-id, their last question, are all fair bets, for adding to JWT.
About splitting of APIs, ideally, you should not mix adding data (POST) with getting data (GET). So, you should keep them separate.