You could use the built-in JWT signing instead of the standard security providers. Then you can define your user_id as the Subject of the JWT and verify the signature whenever a request hits the backend. You can store the JWT in a session etc.
1 Like