I ended up going with a JWT and encoding the user id into it. This works good as I've left bare minimum information in there and I just use this ID when calls to my APIs occur to run the user ID through a policy on the route which checks their access level. I can then accept or deny plus attach in their user profile if I want to then use it further down stream. Revoking access is nice and simple this way too as each member has an access level I can switch and just block them at the policy.
Interesting you are using discord bots. I've built a few telegram bots now it's definitely a lot of fun and oddly satisfying running commands through a messenger!
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I ended up going with a JWT and encoding the user id into it. This works good as I've left bare minimum information in there and I just use this ID when calls to my APIs occur to run the user ID through a policy on the route which checks their access level. I can then accept or deny plus attach in their user profile if I want to then use it further down stream. Revoking access is nice and simple this way too as each member has an access level I can switch and just block them at the policy.
Interesting you are using discord bots. I've built a few telegram bots now it's definitely a lot of fun and oddly satisfying running commands through a messenger!