Pardon my lack of experience when it comes to security and its concepts, but I’m learning here.
So I have a front-end application built on Angular with a backend in Spring serving my database. My client side is set up with the many tutorials I’ve found on here. When I log in, I get an access token in my local storage.
When I copy that token and really look at it, I see my access token, ID token, user name, etc. How can I pass my name securely? I’ve always noticed that many database fields have a created_by field of some sort. And with my REST APIs secured, I pass the access token to my backend. I verify it, and all is good. However, I only get the access token without any user information. I’ve seen the API Okta provides for user info, but I would think it would be terrible for performance to redirect to another service every time a user posts a new object instead of securely passing that ID token from Angular local storage to my backend. Is that feasible to do, or do I indeed have to call that user info endpoint every time?