I’m developing a simple Python web app that has two roles.
Let’s call them Role (A,B).
A permissions: [1,2,3]
B permissions: [4,5,6]
I want to be able to assign users a default role (A).
I want to be able to differentiate between the users that have signed.
In order to solve problem one, I assumed that any user that has signed into my web app by default is given a default Role (A) by hitting the API management (expensive). In order to be of role B, you need to send a ticket for being of Role B (which is not what I really intend).
In order to solve problem two, I just use JWT to check permission. If permission (1) is there in the JWT then I know the user is of role (A); otherwise the user is of role (B).
However, in order to obtain JWT I ended up saving the “access token” in the session, which is terrible.
I wonder if there’s a way to give default roles to users and be able to differentiate between them that’s easy and secure.
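One way to make the JWT-based role check described in the question concrete, as an added example that is not part of the original post: the token's HS256 signature is verified before any claim is trusted, the role is derived from a `permissions` claim (generalised to a subset check against each role's permission set rather than only testing for permission 1), and a token carrying no permissions falls back to the default role A. The secret, the `permissions` claim name and the `make_token` helper are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed to match the question: role A holds permissions 1-3, role B holds 4-6.
ROLE_PERMISSIONS = {"A": {1, 2, 3}, "B": {4, 5, 6}}
DEFAULT_ROLE = "A"


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_token(claims: dict, secret: bytes) -> str:
    """Mint an HS256 JWT (hypothetical helper, only used to build sample input)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_claims(token: str, secret: bytes) -> dict:
    """Return the claims only after the HS256 signature checks out; raise otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # refuse alg=none and anything else we did not issue
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))


def role_from_claims(claims: dict) -> str:
    """Map the permissions claim to a role; no permissions at all means the default role."""
    perms = set(claims.get("permissions", []))
    if not perms:
        return DEFAULT_ROLE
    for role, allowed in ROLE_PERMISSIONS.items():
        if perms <= allowed:  # every granted permission belongs to this one role
            return role
    raise ValueError(f"permissions {sorted(perms)} do not match a single role")
```

Because the role is computed from the verified claims on every request, nothing beyond the token itself needs to be kept in the server-side session.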