I'm using the jsonwebtoken package to implement JWT WebToken for authentication in my MEAN app.
I used the code below to generate a WebToken after successful user authentication. I added the userid and a boolean variable in the payload in JSON format.
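```js
const jwt = require('jsonwebtoken');

// Runs inside the route handler once the user has been authenticated
let payload = { subject: user._id, is_admin: true };
// Sign with a hard-coded shared secret (HS256 is jsonwebtoken's default)
let token = jwt.sign(payload, 'securepasswordgoeshere');
console.log(token);
// send() also ends the response, so no separate res.end() is needed
res.status(200).send({ data: token });
```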
I'm creating a cookie in the front end using Angular to save the token. I'm able to decode the payload using this website.
Based on the suggestions I received, a few people have suggested changing the securepassword used for signing the payload every 1 hour. I'm not sure whether that is an efficient way and what problems could arise because of it.
Could someone suggest a good approach to solve this?
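The two points this question turns on, shown as an added example that is not part of the original post: the payload is readable without the secret but cannot be altered without it, and replacing the secret outright rejects every token signed before the change unless the previous secret is kept for verification. It uses Node's built-in crypto in place of jsonwebtoken so it runs without dependencies; the function names, the `kid` values `k1`/`k2` and the keyring layout are assumptions.

```javascript
// Added example: HS256 JWT built on Node's crypto module (a stand-in for jsonwebtoken).
const nodeCrypto = require('node:crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');

// Sign with HMAC-SHA256; the key id (kid) in the header records which secret was used.
function sign(payload, kid, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT', kid }));
  const body = b64url(JSON.stringify(payload));
  const mac = nodeCrypto.createHmac('sha256', secret).update(`${header}.${body}`).digest('base64url');
  return `${header}.${body}.${mac}`;
}

// Reading the payload needs no secret: it is base64url-encoded JSON, not encrypted.
function decodeUnverified(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString('utf8'));
}

// Verify against a keyring { kid: secret }; returns the payload, or null on any failure.
function verify(token, keyring) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, body, mac] = parts;
  let kid, alg;
  try {
    ({ kid, alg } = JSON.parse(Buffer.from(header, 'base64url').toString('utf8')));
  } catch { return null; }
  if (alg !== 'HS256' || !Object.hasOwn(keyring, kid)) return null;
  const expected = nodeCrypto.createHmac('sha256', keyring[kid]).update(`${header}.${body}`).digest();
  const given = Buffer.from(mac, 'base64url');
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
  return JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
}

// Constructed sample data: two hourly secrets and a token issued under the first.
const oldKey = nodeCrypto.randomBytes(32);
const newKey = nodeCrypto.randomBytes(32);
const token = sign({ subject: 'user-123', is_admin: false }, 'k1', oldKey);

// Changing is_admin in the payload without the secret leaves a signature that no longer matches.
const [h, , s] = token.split('.');
const forged = `${h}.${b64url(JSON.stringify({ subject: 'user-123', is_admin: true }))}.${s}`;

// Rotation: keeping only the new secret rejects every token issued before the change;
// keeping the previous secret in the keyring for an overlap window lets them still verify.
const afterHardRotation = verify(token, { k2: newKey });
const afterOverlapRotation = verify(token, { k1: oldKey, k2: newKey });
```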