When I first started working with Java Spring Boot and a JWT implementation, I heard from every tutorial that the token is stateless and must be saved in the Authorization header for each request.
But many people are telling me to save it in a database, because with a simple inspect they can get it and use it on my endpoints. Am I getting something wrong here, or do these guys not know about JWT? Can someone explain the meaning of "stateless" as well? Thanks in advance!
Welcome to the Community!
There are quite a few resources on the web about these topics, Google is your friend here.
Tokens aren’t saved in the auth header, they are sent via the auth header. Storage will depend on the token type (is it a user token or M2M token? on the client or server?).
Stateful vs. stateless generally means whether the token is being kept track of by the server. A stateless token generally carries a payload that tells the server when it expires, the intended audience, etc.