I must have a way to get the user id in my python API to independently validate/verify backend calls.
Requires_auth decorator just verifies the JWT is valid, but ultimately, I do not want any validated user POST’ing ANY information to my server; example: a valid user can change the POST to some other users’ ID and make a request…
I want to have a way to obtain user ID from the JWT decorator flow somehow and make sure the request is from that user.
What is the best way to do this?